Win32.Delf.uv, Hupigon13 -> Help!

Hi folks, I have a pretty big problem with Trojans on my computer. I have been trying for 3 days now to get Win32.Delf.uv and Hupigon13 off my computer, but unfortunately without success. :( After Bitdefender Total Security 2008 would no longer start, I first tried to fix the error by reinstalling BD, but that did not work. Then I tried starting the Virus Shield service manually, but it could no longer be started, and the registry could no longer be opened with regedit either. So I sent Spybot S&D off to search, and it was these Trojans that were detected! The registry entries under "Image File Execution Options" were deleted during the cleanup, but after every reboot the entries are back and prevent Bitdefender from starting, so I have to delete the entries every time to get Bitdefender running. However, no .exe files are detected or deleted! :koch: I also have Malwarebytes' Anti-Malware, Ad-Aware, Spyware Free, Spyware Doctor, Super AntiSpyware and RegRun, but only Malwarebytes' Anti-Malware also detects the entries in the registry and deletes them, though not all of them, so I always have to delete the rest manually. I am now posting my HijackThis file and the log file from Malwarebytes' Anti-Malware. I hope you can help me, I am really getting desperate! :headbang: Many thanks!!
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:56:35, on 20.03.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Creative\Shared Files\CTAudSvc.exe C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Nuance\PDF Professional 5\PDFProFiltSrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Programme\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE C:\WINDOWS\system32\wuauclt.exe C:\Programme\BitDefender\BitDefender 2008\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\Programme\BitDefender\BitDefender 2008\bdagent.exe C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE C:\Programme\Nuance\PDF Professional 5\pdfpro5hook.exe C:\Programme\Nuance\PDF Professional 5\bin\PDFDirect.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\office12\offlb.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2008\IEToolbar.dll O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programme\BitDefender\BitDefender 2008\IEShow.exe" O4 - HKLM\..\Run: [BDWizReg] "C:\Programme\BitDefender\BitDefender 2009\bdwizreg.exe" /complete O4 - HKLM\..\Run: [BDAgent] "C:\Programme\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKLM\..\RunOnce: 
[Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - res://C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - res://C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - res://C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML O8 - Extra context menu item: Mit Nuance PDF Converter 5.0 öffnen - res://C:\Programme\Nuance\PDF Professional 5\cnvres_ger.dll /100 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - res://C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML O8 - Extra context menu item: PDF-Datei erstellen - res://C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - res://C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML O8 - Extra context menu item: Senden an &Bluetooth-Gerät... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} 
- C:\Programme\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/...an_unicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1199570029031 O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/soft...01/CTSUEng.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...5106/CTPID.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Programme\Creative\Shared Files\CTAudSvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. 
- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe O23 - Service: Net.Tcp Port Sharing Service NetTcpPortSharingNMIndexingService (NetTcpPortSharingNMIndexingService) - Unknown owner - C:\WINDOWS\system32\27034f4e-s.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Programme\Nuance\PDF Professional 5\PDFProFiltSrv.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe O23 - Service: Designs ThemesShellHWDetection (ThemesShellHWDetection) - Unknown owner - C:\WINDOWS\system32\1031f.exe (file missing) O23 - Service: ThreatFire - PC Tools - C:\Programme\Spyware Doctor\TFEngine\TFService.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. 
- C:\Programme\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 11754 bytes ========================================================= Malwarebytes' Anti-Malware 1.34 Datenbank Version: 1870 Windows 5.1.2600 Service Pack 3 20.03.2009 22:53:01 mbam-log-2009-03-20 (22-52-58).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 82242 Laufzeit: 1 minute(s), 50 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 53 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 3 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> No action taken. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> No action taken. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> No action taken. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> No action taken. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> No action taken. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) ========================================================== |
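An added example, not part of the original thread: a small Python triage pass over logs like the two in the post above, which have been run together onto long lines. It lists the executables named by Image File Execution Options keys (a key there can carry a Debugger value that Windows launches in place of the program), shows which of them belong to an installed service, and picks out O23 services with no known owner or a missing file; the function names are hypothetical and the sample is an abridged excerpt of those logs.

```python
"""Triage pass over flattened HijackThis / Malwarebytes logs (added example).

Function names are illustrative; they are not part of either tool.
"""
import re

IFEO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
            r"\Image File Execution Options" "\\")

# Abridged excerpt of the two logs in the post above, run together on one line
# the way the page shows them.
SAMPLE = " ".join([
    r"O23 - Service: MBAMService - Malwarebytes Corporation - "
    r"C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe",
    r"O23 - Service: Net.Tcp Port Sharing Service "
    r"NetTcpPortSharingNMIndexingService (NetTcpPortSharingNMIndexingService) - "
    r"Unknown owner - C:\WINDOWS\system32\27034f4e-s.exe",
    r"O23 - Service: Designs ThemesShellHWDetection (ThemesShellHWDetection) - "
    r"Unknown owner - C:\WINDOWS\system32\1031f.exe (file missing)",
    r"O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - "
    r"C:\Programme\BitDefender\BitDefender 2008\vsserv.exe",
    "-- End of file - 11754 bytes",
    IFEO_KEY + "regedit.exe (Security.Hijack) -> No action taken.",
    IFEO_KEY + "HijackThis.exe (Security.Hijack) -> No action taken.",
    IFEO_KEY + "vsserv.exe (Security.Hijack) -> No action taken.",
])

# One O23 entry: "O23 - Service: <name> - <owner> - <path>[ (file missing)]".
# Because line breaks are gone, an entry ends where the next HijackThis
# section marker ("O<nn> - ") or the "-- End of file" trailer begins.
O23_RE = re.compile(
    r"O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)"
    r"(?P<missing> \(file missing\))?"
    r"(?= O\d{1,2} - | -- End of file|$)"
)

# One Malwarebytes finding below the IFEO key: "...Options\<image> (<verdict>)".
IFEO_RE = re.compile(
    r"Image File Execution Options\\(?P<image>\S+) \((?P<verdict>[\w.]+)\)"
)


def services(text):
    """Return every O23 service entry as a dict."""
    return [
        {"name": m["name"], "owner": m["owner"], "path": m["path"],
         "missing": m["missing"] is not None}
        for m in O23_RE.finditer(text)
    ]


def suspicious_services(text):
    """Services HijackThis lists with 'Unknown owner' or a missing file.

    These are leads for closer inspection (for example a multi-engine file
    scan), not proof of infection.
    """
    return [s for s in services(text)
            if s["owner"].lower() == "unknown owner" or s["missing"]]


def ifeo_targets(text):
    """Lower-cased executable names that have an IFEO key, in log order."""
    seen = []
    for m in IFEO_RE.finditer(text):
        image = m["image"].lower()
        if image not in seen:
            seen.append(image)
    return seen


def blocked_installed(text):
    """IFEO targets whose executable is also registered as a service here."""
    installed = {s["path"].rsplit("\\", 1)[-1].lower() for s in services(text)}
    return [image for image in ifeo_targets(text) if image in installed]


if __name__ == "__main__":
    print("IFEO keys for:", ", ".join(ifeo_targets(SAMPLE)))
    print("installed as a service:", ", ".join(blocked_installed(SAMPLE)))
    for s in suspicious_services(SAMPLE):
        state = "file missing" if s["missing"] else "file present"
        print(f"check service {s['name']!r}: {s['path']} ({state})")
```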
Hi,

please tell us which program reports which infection, and where. Who finds the Delf? Who finds the Hupigon, and where?

Then download the following programs and disconnect from the Internet. Close all programs that are still open and then run the scanners one at a time. Reboot between each scan. Save all the scans and then post the results here:

Run a Blacklight scan
* Download F-Secure Blacklight into a folder of its own, e.g. C:\programme\blacklight. If the download does not work, try this link.
* In that folder, start blbeta.exe. Close all other programs.
* Click "I accept the agreement", "next", "Scan".
* When the scan has finished, exit Blacklight with "Close".
* In the Blacklight directory you will find the generated log fsbl-XXX.log; in place of XXX there is a longer sequence of digits.

Run a Sophos scan
* Go to Sophos and download their rootkit scanner. You will get an installer file, sarsfx.exe.
* Start it, accept the license and let the program install; do not change the path C:\SOPHTEMP.
* Go to that folder in Explorer and start sargui.exe, then close all other programs.
* Leave everything under Area ticked and start the scan with "Start scan". The scan takes some time; when it is finished a window pops up with a summary, click "Ok" there. Exit the Sophos rootkit scanner; this scan is for analysis only.
* Start Explorer and type "%temp%" (without the quotation marks) into the address bar; there is a file sarscan.log there, please post its contents.

Run a Gmer scan
Download Gmer from this page and unpack it to your desktop.
Provided your antivirus programs still work, you can now re-enable them.
Code: C:\WINDOWS\system32\1031f.ex
Please post a new HijackThis log, the results of the rootkit scanners, the paths and programs of the detections, and the results from Virustotal in your next reply. Regards, myrtille |
Hello, thanks for your quick help! I did my best; here are the results:

Malwarebytes' Anti-Malware finds the following:

Malwarebytes' Anti-Malware 1.34 Datenbank Version: 1870 Windows 5.1.2600 Service Pack 3 22.03.2009 19:38:47 mbam-log-2009-03-22 (19-38-42).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 82536 Laufzeit: 1 minute(s), 55 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 53 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 3 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> No action taken. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> No action taken. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> No action taken. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> No action taken. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden)
==========================================================
Blacklight results: however, it is not available for download in the beta version you suggested?
03/22/09 11:31:58 [Info]: BlackLight Engine 2.2.1092 initialized 03/22/09 11:31:58 [Info]: OS: 5.1 build 2600 (Service Pack 3) 03/22/09 11:31:58 [Note]: 7019 4 03/22/09 11:31:58 [Note]: 7005 0 03/22/09 11:32:03 [Note]: 7006 0 03/22/09 11:32:03 [Note]: 7011 808 03/22/09 11:32:03 [Note]: 7035 0 03/22/09 11:32:03 [Note]: 7026 0 03/22/09 11:32:03 [Note]: 7026 0 03/22/09 11:32:06 [Note]: FSRAW library version 1.7.1024 03/22/09 11:37:09 [Note]: 2000 1012 03/22/09 11:47:37 [Note]: 7007 0 ========================================================== Sophos Anti-Rootkit Version 1.3.1 (data 1.08) (c) 2006 Sophos Plc Started logging on 22.03.2009 at 12:00:13 Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{030DE346-D365-4AD4-A93C-D352457C065A}\DhcpRetryTime Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{030DE346-D365-4AD4-A93C-D352457C065A}\DhcpRetryStatus Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{030DE346-D365-4AD4-A93C-D352457C065A}\DhcpNameServer Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{030DE346-D365-4AD4-A93C-D352457C065A}\DhcpDefaultGateway Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{030DE346-D365-4AD4-A93C-D352457C065A}\DhcpSubnetMaskOpt Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{030DE346-D365-4AD4-A93C-D352457C065A}\Parameters\Tcpip\DhcpDefaultGateway Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{030DE346-D365-4AD4-A93C-D352457C065A}\Parameters\Tcpip\DhcpSubnetMaskOpt Stopped logging on 22.03.2009 at 12:10:37 |
========================================================== GMER 1.0.15.14944 - http://www.gmer.net Rootkit scan 2009-03-22 19:23:57 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9DB8506] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9DA7240] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9DA7432] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9DB8CC8] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9DB8F88] SSDT spgp.sys ZwEnumerateKey [0xB9EC8CA2] SSDT spgp.sys ZwEnumerateValueKey [0xB9EC9030] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9DB73EC] SSDT spgp.sys ZwQueryKey [0xB9EC9108] SSDT spgp.sys ZwQueryValueKey [0xB9EC8F88] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9DB93EC] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9DB87B8] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB9DA6EF0] INT 0x63 ? 8B14ABF8 INT 0x63 ? 8B14ABF8 INT 0x63 ? 8B016BF8 INT 0x63 ? 8B14ABF8 INT 0x84 ? 8B016BF8 INT 0x94 ? 8B016BF8 INT 0xA4 ? 8B14ABF8 INT 0xB4 ? 8B14ABF8 INT 0xB4 ? 8B14ABF8 INT 0xB4 ? 8B14ABF8 ---- Kernel code sections - GMER 1.0.15 ---- ? spgp.sys Das System kann die angegebene Datei nicht finden. ! .text USBPORT.SYS!DllUnload B95D38AC 5 Bytes JMP 8B0161D8 .text aoasg1bi.SYS B93BB384 1 Byte [20] .text aoasg1bi.SYS B93BB384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...] .text aoasg1bi.SYS B93BB3AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...] .text aoasg1bi.SYS B93BB3C4 3 Bytes [00, 00, 00] .text aoasg1bi.SYS B93BB3C9 1 Byte [00] .text ... ? C:\WINDOWS\system32\E.tmp Das System kann die angegebene Datei nicht finden. ! 
---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EAC040] spgp.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EAC13C] spgp.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EAC0BE] spgp.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EAC7FC] spgp.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EAC6D2] spgp.sys IAT \SystemRoot\System32\Drivers\aoasg1bi.SYS[HAL.dll!KfAcquireSpinLock] 000000AD IAT \SystemRoot\System32\Drivers\aoasg1bi.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4 IAT \SystemRoot\System32\Drivers\aoasg1bi.SYS[HAL.dll!KeGetCurrentIrql] 000000A2 IAT \SystemRoot\System32\Drivers\aoasg1bi.SYS[HAL.dll!KfRaiseIrql] 000000AF IAT \SystemRoot\System32\Drivers\aoasg1bi.SYS[HAL.dll!KfLowerIrql] 0000009C IAT \SystemRoot\System32\Drivers\aoasg1bi.SYS[HAL.dll!HalGetInterruptVector] 000000A4 IAT \SystemRoot\System32\Drivers\aoasg1bi.SYS[HAL.dll!HalTranslateBusAddress] 00000072 IAT \SystemRoot\System32\Drivers\aoasg1bi.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0 IAT \SystemRoot\System32\Drivers\aoasg1bi.SYS[HAL.dll!KfReleaseSpinLock] 000000B7 IAT \SystemRoot\System32\Drivers\aoasg1bi.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD IAT \SystemRoot\System32\Drivers\aoasg1bi.SYS[HAL.dll!READ_PORT_USHORT] 00000093 IAT \SystemRoot\System32\Drivers\aoasg1bi.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026 IAT \SystemRoot\System32\Drivers\aoasg1bi.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036 IAT \SystemRoot\System32\Drivers\aoasg1bi.SYS[WMILIB.SYS!WmiSystemControl] 000000F7 IAT \SystemRoot\System32\Drivers\aoasg1bi.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8B1491F8 AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools) Device \FileSystem\Fastfat \FatCdrom 89C06500 Device \FileSystem\Udfs \UdfsCdRom 89BB21F8 Device \FileSystem\Udfs \UdfsDisk 89BB21F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{030DE346-D365-4AD4-A93C-D352457C065A} 8A9011F8 
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools) Device \Driver\usbuhci \Device\USBPDO-0 8B0181F8 Device \Driver\usbuhci \Device\USBPDO-1 8B0181F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B0D51F8 Device \Driver\dmio \Device\DmControl\DmConfig 8B0D51F8 Device \Driver\dmio \Device\DmControl\DmPnP 8B0D51F8 Device \Driver\dmio \Device\DmControl\DmInfo 8B0D51F8 Device \Driver\usbuhci \Device\USBPDO-2 8B0181F8 Device \Driver\usbuhci \Device\USBPDO-3 8B0181F8 Device \Driver\usbehci \Device\USBPDO-4 8AF501F8 AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools) Device \Driver\Ftdisk \Device\HarddiskVolume1 8B14B1F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 8B14B1F8 Device \Driver\Cdrom \Device\CdRom0 8AF341F8 Device \Driver\Ftdisk \Device\HarddiskVolume3 8B14B1F8 Device \Driver\Cdrom \Device\CdRom1 8AF341F8 Device \Driver\Ftdisk \Device\HarddiskVolume4 8B14B1F8 Device \Driver\Cdrom \Device\CdRom2 8AF341F8 Device \Driver\Ftdisk \Device\HarddiskVolume5 8B14B1F8 Device \Driver\sptd \Device\836195898 spgp.sys Device \Driver\Ftdisk \Device\HarddiskVolume6 8B14B1F8 Device \Driver\PCI_PNP2148 \Device\00000069 spgp.sys Device \Driver\Ftdisk \Device\HarddiskVolume7 8B14B1F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 8A9011F8 Device \Driver\Ftdisk \Device\HarddiskVolume8 8B14B1F8 Device \Driver\NetBT \Device\NetbiosSmb 8A9011F8 AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools) AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools) Device \Driver\usbuhci \Device\USBFDO-0 8B0181F8 Device \Driver\usbuhci \Device\USBFDO-1 8B0181F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89CC6500 Device \Driver\usbuhci \Device\USBFDO-2 8B0181F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 89CC6500 Device \Driver\usbuhci \Device\USBFDO-3 8B0181F8 Device \Driver\Ftdisk \Device\FtControl 8B14B1F8 Device 
\Driver\usbehci \Device\USBFDO-4 8AF501F8 Device \Driver\aoasg1bi \Device\Scsi\aoasg1bi1 8AF36500 Device \Driver\aoasg1bi \Device\Scsi\aoasg1bi1Port6Path0Target0Lun0 8AF36500 Device \FileSystem\Fastfat \Fat 89C06500 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 89BB41F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCE 0x1E 0x3E 0x98 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC0 0x92 0x87 0x06 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB3 0x30 0xF2 0xA0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x43 0xEA 0xBE 0xFE ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCE 0x1E 0x3E 0x98 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC0 0x92 0x87 0x06 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB3 0x30 0xF2 0xA0 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x43 0xEA 0xBE 0xFE ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x25 0x52 0x03 0x07 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAA 0x28 0x12 0x54 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC0 0x68 0xDA 0xCD ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x43 0xEA 0xBE 0xFE ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION |
========================================================== VirusTotal: Unfortunately I could not find the following file (I did of course change the view options): C:\WINDOWS\system32\1031f.ex I can see the file C:\WINDOWS\system32\27034f4e-s.exe, but I cannot upload it to VirusTotal; error message: 0 bytes size received / Se ha recibido un archivo vacio ========================================================== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:46:25, on 22.03.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Creative\Shared Files\CTAudSvc.exe C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Nuance\PDF Professional 5\PDFProFiltSrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Programme\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE C:\Programme\Nuance\PDF Professional 5\pdfpro5hook.exe
C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Programme\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2008\IEToolbar.dll O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [BitDefender 
Antiphishing Helper] "C:\Programme\BitDefender\BitDefender 2008\IEShow.exe" O4 - HKLM\..\Run: [BDWizReg] "C:\Programme\BitDefender\BitDefender 2009\bdwizreg.exe" /complete O4 - HKLM\..\Run: [BDAgent] "C:\Programme\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - res://C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - res://C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - res://C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML O8 - Extra context menu item: Mit Nuance PDF Converter 5.0 öffnen - res://C:\Programme\Nuance\PDF Professional 5\cnvres_ger.dll /100 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - res://C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML O8 - Extra context menu item: PDF-Datei erstellen - res://C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - res://C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML O8 - Extra context menu item: Senden an &Bluetooth-Gerät... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} 
- C:\Programme\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199570029031 O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15106/CTPID.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Programme\Creative\Shared Files\CTAudSvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe O23 - Service: Net.Tcp Port Sharing Service NetTcpPortSharingNMIndexingService (NetTcpPortSharingNMIndexingService) - Unknown owner - C:\WINDOWS\system32\27034f4e-s.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. 
- C:\Programme\Nuance\PDF Professional 5\PDFProFiltSrv.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe O23 - Service: Designs ThemesShellHWDetection (ThemesShellHWDetection) - Unknown owner - C:\WINDOWS\system32\1031f.exe (file missing) O23 - Service: ThreatFire - PC Tools - C:\Programme\Spyware Doctor\TFEngine\TFService.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Programme\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 11631 bytes Thanks a lot! |
Hello again, I looked into the VirusTotal issue once more and tried to move the file 27034f4e-s.exe from the system32 folder to the desktop and scan it from there, but none of that works; I cannot access this file at all! The chances are good that this file is malware, aren't they? Thx |
OK folks, sorry for spamming, but I have now managed to scan 27034f4e-s.exe!! I went through the processes with the usedfiles program from RegRun, and this exe file was listed under the system process; I ended it right away, and then the scan on VirusTotal worked. With what I consider a devastating result:

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.03.22 -
AhnLab-V3 5.0.0.2 2009.03.22 Win-Trojan/Agent.35328.JP
AntiVir 7.9.0.120 2009.03.21 TR/Crypt.ZPACK.Gen
Authentium 5.1.2.4 2009.03.22 -
Avast 4.8.1335.0 2009.03.21 -
AVG 8.5.0.283 2009.03.21 Win32/Heur
BitDefender 7.2 2009.03.22 -
CAT-QuickHeal 10.00 2009.03.21 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.03.22 -
Comodo 1080 2009.03.22 -
DrWeb 4.44.0.09170 2009.03.22 -
eSafe 7.0.17.0 2009.03.19 Suspicious File
eTrust-Vet 31.6.6409 2009.03.20 -
F-Prot 4.4.4.56 2009.03.22 -
F-Secure 8.0.14470.0 2009.03.22 -
Fortinet 3.117.0.0 2009.03.22 -
GData 19 2009.03.22 -
Ikarus T3.1.1.48.0 2009.03.22 -
K7AntiVirus 7.10.678 2009.03.21 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.03.22 -
McAfee 5561 2009.03.22 -
McAfee+Artemis 5561 2009.03.22 Generic!Artemis
McAfee-GW-Edition 6.7.6 2009.03.21 Trojan.Crypt.ZPACK.Gen
Microsoft 1.4502 2009.03.22 -
NOD32 3953 2009.03.21 -
Norman 6.00.06 2009.03.20 -
nProtect 2009.1.8.0 2009.03.22 -
Panda 10.0.0.10 2009.03.22 -
PCTools 4.4.2.0 2009.03.22 -
Prevx1 V2 2009.03.22 -
Rising 21.21.62.00 2009.03.22 -
Sophos 4.39.0 2009.03.22 Mal/EncPk-HE
Sunbelt 3.2.1858.2 2009.03.22 -
Symantec 1.4.4.12 2009.03.22 -
TheHacker 6.3.3.3.287 2009.03.22 -
TrendMicro 8.700.0.1004 2009.03.22 -
VBA32 3.12.10.1 2009.03.22 -
ViRobot 2009.3.20.1658 2009.03.20 -
VirusBuster 4.6.5.0 2009.03.22 -

weitere Informationen
File size: 35328 bytes
MD5...: 21eb82a933814c354eb25bd5d8a1eaea
SHA1..: cf6d41c2cb24922a9b5481d7e7aa9ef202f6ef77
SHA256: b25b130398e07aeaf81672da1f36c2f3aeffa85981c1426698e3edebfa6ec9a8
SHA512: 3de0dfe6e93a95a2e1cb45aae1f7eddb2981c3e08785fe11f7a476d7276f82bd
1d150d5decf4be986fb5e536760b853aee295cdf13c2285e332f82983b6228e5
ssdeep: 768:Qwh83HQdmCTypqAOj2niEiaZhZL1PlO61bBoQMMs91RWK:Q8WwbiTiEiqhlZ
lBpCQnuWK
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (88.0%)
Win32 Dynamic Link Library (generic) (7.8%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x49b79a61 (Wed Mar 11 11:02:57 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xad6e 0x5600 7.92 fc0e663311de38582a0580c60cca28a0
.lrdxx 0xc000 0x28bd 0x2a00 7.26 819db6dbdbc48aa0d820cef890e055b1
.idata 0xf000 0x186 0x200 3.29 aa08213d82becfddbdbd4cb02ee96f02
.rsrc 0x10000 0x39c 0x400 3.10 43163efd4b0fc375a8ac19dcb65407e2

( 4 imports )
> ADVAPI32.dll: CryptSetProvParam, CryptEncrypt, NotifyChangeEventLog
> GDI32.dll: Pie, GetICMProfileW, SetWindowExtEx
> CRYPT32.dll: CryptUnregisterOIDFunction
> KERNEL32.dll: GetLastError

( 0 exports )

Do you see anything else in my log files? What is the best way to remove this thing? |
Datei acleditq.exe empfangen 2009.03.22 21:14:37 (CET)

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.03.22 Backdoor.Win32.Momibot!IK
AhnLab-V3 5.0.0.2 2009.03.22 -
AntiVir 7.9.0.120 2009.03.22 TR/Crypt.XPACK.Gen
Authentium 5.1.2.4 2009.03.22 -
Avast 4.8.1335.0 2009.03.21 Win32:Trojan-gen {Other}
AVG 8.5.0.283 2009.03.22 Win32/Heur
BitDefender 7.2 2009.03.22 -
CAT-QuickHeal 10.00 2009.03.21 Backdoor.Momibot.b
ClamAV 0.94.1 2009.03.22 -
Comodo 1080 2009.03.22 Unclassified Malware
DrWeb 4.44.0.09170 2009.03.22 -
eSafe 7.0.17.0 2009.03.19 Win32.heur
eTrust-Vet 31.6.6409 2009.03.20 -
F-Prot 4.4.4.56 2009.03.22 -
F-Secure 8.0.14470.0 2009.03.22 -
Fortinet 3.117.0.0 2009.03.22 -
GData 19 2009.03.22 Win32:Trojan-gen {Other}
Ikarus T3.1.1.48.0 2009.03.22 Backdoor.Win32.Momibot
K7AntiVirus 7.10.678 2009.03.21 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.03.22 -
McAfee 5561 2009.03.22 -
McAfee+Artemis 5561 2009.03.22 Generic!Artemis
McAfee-GW-Edition 6.7.6 2009.03.22 Trojan.Crypt.XPACK.Gen
Microsoft 1.4502 2009.03.22 Backdoor:Win32/Momibot.gen!B
NOD32 3953 2009.03.21 probably a variant of Win32/Agent
Norman 6.00.06 2009.03.20 -
nProtect 2009.1.8.0 2009.03.22 -
Panda 10.0.0.10 2009.03.22 Generic Malware
PCTools 4.4.2.0 2009.03.22 -
Prevx1 V2 2009.03.22 -
Rising 21.21.62.00 2009.03.22 Trojan.Win32.Mnless.efo
Sophos 4.39.0 2009.03.22 Mal/EncPk-HE
Sunbelt 3.2.1858.2 2009.03.22 -
Symantec 1.4.4.12 2009.03.22 Trojan Horse
TheHacker 6.3.3.3.287 2009.03.22 -
TrendMicro 8.700.0.1004 2009.03.22 -
VBA32 3.12.10.1 2009.03.22 -
ViRobot 2009.3.20.1658 2009.03.20 -
VirusBuster 4.6.5.0 2009.03.22 -

weitere Informationen
File size: 34304 bytes
MD5...: 6a9850e507730c9f8076ae3bfcf71d93
SHA1..: 25929b2c3684faac43251e3b52cb5d092d1efaea
SHA256: 800cc94593c30f268042db6a22ce6e2be7641d9279e9a354f3203914796bbc5a
SHA512: 4e46803701ac3ebe5ed96892c9bffc8a6e5da07719e41370bb83b1b01b54278d
54df46ead99c1eaac03d6db5693d6406166c4665470f887be04a800196bb9924
ssdeep: 768:nFb6ATwxdK19sKcZXOXa9/JfspajoRelc7:nFQGbsKcZXOXa9/Jzjo2c7
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (88.0%)
Win32 Dynamic Link Library (generic) (7.8%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5e00
timedatestamp.....: 0x49521a02 (Wed Dec 24 11:16:18 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xb508 0x5e00 7.98 19eac0b6f7a57a6befcb92c835b51f5c
.rdtzf 0xd000 0x1db4 0x1e00 7.42 7cebc1edd951ec647dbb7bb4dffd2845
.idata 0xf000 0x17a 0x200 3.28 d71e6f49af895ae5f05fb54cf8ba7d27
.rsrc 0x10000 0x390 0x400 3.12 5e418f86445846c975d5f89918a9cfb7

( 3 imports )
> ADVAPI32.dll: GetNumberOfEventLogRecords, CryptGenKey, AdjustTokenPrivileges
> GDI32.dll: PatBlt, SetDCPenColor, SetWorldTransform, GetMapMode, AddFontMemResourceEx
> KERNEL32.dll: GetLastError

( 0 exports )

CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=6a9850e507730c9f8076ae3bfcf71d93

Same procedure as before! |
Hi, you have evidently caught a backdoor, which means strangers have gained access to your computer. You should definitely change all passwords from a clean computer. The safest option with an infection of this kind would be to reinstall the system. If you don't want to do that, we can attempt a cleanup, but there remains a certain risk that the system stays compromised. What do you decide? If you want to clean up, please also post a log from RSIT:
In the meantime I'll take a look at what can be read from the logs. Regards, myrtille |
Hi myrtille, I figured as much. Which passwords exactly do you mean, only the system ones or all the ones I use for other websites etc.? As a precaution I have now deleted acleditq.exe+acledit.dll+acelpdec.ax and 27034f4e-s.exe (moved to the recycle bin), and the registry entries under "Image File Execution Options" no longer reappear even after restarts; furthermore, Spybot and Malwarebytes' Anti-Malware no longer find any entries! I have also got Bitdefender Total Security 2008 fully running again (incl. firewall). :daumenhoc I also go online through a router with a firewall. I definitely want to try to save the system; I only want to reinstall once Windows 7 is out. :) Many thanks for your help! :dankeschoen: Here are the logs:
Logfile of random's system information tool 1.06 (written by random/random) Run by Marcus at 2009-03-22 23:13:01 Microsoft Windows XP Professional Service Pack 3 System drive C: has 11 GB (23%) free of 50 GB Total RAM: 3071 MB (81% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:13:02, on 22.03.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Creative\Shared Files\CTAudSvc.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe 
C:\Programme\BitDefender\BitDefender 2008\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Programme\BitDefender\BitDefender 2008\bdagent.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Programme\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\Marcus\Desktop\RSIT.exe C:\Programme\Trend Micro\HijackThis\Marcus.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 
2008\IEToolbar.dll O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programme\BitDefender\BitDefender 2008\IEShow.exe" O4 - HKLM\..\Run: [BDWizReg] "C:\Programme\BitDefender\BitDefender 2009\bdwizreg.exe" /complete O4 - HKLM\..\Run: [BDAgent] "C:\Programme\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - res://C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - res://C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - res://C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML O8 - Extra context menu item: Mit Nuance PDF Converter 5.0 öffnen - res://C:\Programme\Nuance\PDF Professional 5\cnvres_ger.dll /100 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - res://C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML O8 - Extra context 
menu item: PDF-Datei erstellen - res://C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - res://C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199570029031 O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15106/CTPID.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Programme\Creative\Shared Files\CTAudSvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe O23 - Service: Net.Tcp Port Sharing Service NetTcpPortSharingNMIndexingService (NetTcpPortSharingNMIndexingService) - Unknown owner - C:\WINDOWS\system32\27034f4e-s.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. 
- C:\Programme\Nuance\PDF Professional 5\PDFProFiltSrv.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe O23 - Service: Designs ThemesShellHWDetection (ThemesShellHWDetection) - Unknown owner - C:\WINDOWS\system32\1031f.exe (file missing) O23 - Service: ThreatFire - PC Tools - C:\Programme\Spyware Doctor\TFEngine\TFService.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: Universeller Plug & Play-Gerätehost upnphostscan (upnphostscan) - Unknown owner - C:\WINDOWS\system32\acleditq.exe (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Programme\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 11453 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\1-Klick-Wartung.job C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9}] ZeonIEEventHelper Class - C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll [2008-02-20 299008] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Programme\BitDefender\BitDefender 2008\IEToolbar.dll [2008-02-28 86016] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-02-18 86016] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-02-18 13680640] "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304] "CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2008-10-07 23552] "CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2008-06-27 19456] "BitDefender Antiphishing Helper"=C:\Programme\BitDefender\BitDefender 2008\IEShow.exe [2007-10-09 61440] "BDWizReg"=C:\Programme\BitDefender\BitDefender 2009\bdwizreg.exe /complete [] "BDAgent"=C:\Programme\BitDefender\BitDefender 2008\bdagent.exe [2008-09-04 368640] "RegRun WinBait"=C:\WINDOWS\winbait.exe [2008-12-22 20192] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"=C:\Programme\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe [2008-12-22 61664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-20 515416] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alonlrtq] C:\WINDOWS\system32\vwnqtkzc.exe [] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2005-02-16 81920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4] C:\Programme\Nero\Nero MediaHome 4\NeroMediaHome.exe [2008-12-12 4584744] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller] C:\Programme\Nuance\PDF Professional 5\RegistryController.exe [2008-02-27 58656] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook] C:\Programme\Nuance\PDF Professional 5\pdfpro5hook.exe [2008-02-27 795936] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Programme\QuickTime\qttask.exe [2008-09-06 413696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry] C:\Programme\Greatis\RegRunSuite\lsoon.exe [2008-12-22 669408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegRun WinBait] C:\WINDOWS\winbait.exe [2008-12-22 20192] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe [2008-12-22 384224] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC] C:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-12-13 306088] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2007-03-26 210472] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-02-17 1830128] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2008-02-24 185896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel] C:\Programme\Creative\Volume Panel\VolPanlu.exe [2008-08-06 233576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vwnqtkzc] C:\WINDOWS\system32\vwnqtkzc.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ASUS WiFi-AP Solo.lnk] C:\PROGRA~1\ASUSWI~1\RtWLan.exe [2006-09-05 995328] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Sonic CinePlayer Quick Launch.lnk] C:\PROGRA~1\GEMEIN~1\SONICS~1\CineTray.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "PnkBstrB"=3 "PnkBstrA"=3 "Nero BackItUp Scheduler 3"=2 "MsSecurity1.209.4"=2 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Programme\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn] 
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 C:\WINDOWS\system32\pmnmnNgH [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 |
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000" "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)" "D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. 
- Shadow of Chernobyl (SRV)" "D:\AC\AssassinsCreed_Dx9.exe"="D:\AC\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9" "D:\AC\AssassinsCreed_Dx10.exe"="D:\AC\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10" "D:\AC\AssassinsCreed_Launcher.exe"="D:\AC\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update" "D:\RainbowSix_Vegas 2\Binaries\R6Vegas2_Game.exe"="D:\RainbowSix_Vegas 2\Binaries\R6Vegas2_Game.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2" "D:\RainbowSix_Vegas 2\Binaries\R6Vegas2_Launcher.exe"="D:\RainbowSix_Vegas 2\Binaries\R6Vegas2_Launcher.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 Update" "D:\Grid\GRID.exe"="D:\Grid\GRID.exe:*:Enabled:GRID" "D:\Mass Effect\Binaries\MassEffect.exe"="D:\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game" "D:\Mass Effect\MassEffectLauncher.exe"="D:\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "E:\Call of Duty - World at War\CoDWaWmp.exe"="E:\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)" "E:\Call of Duty - World at War\CoDWaW.exe"="E:\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)" "C:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club" "E:\GTA IV\Grand Theft Auto IV\LaunchGTAIV.exe"="E:\GTA IV\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV" "C:\Programme\Microsoft ActiveSync\rapimgr.exe"="C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Programme\Microsoft ActiveSync\wcescomm.exe"="C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync 
Connection Manager" "C:\Programme\Microsoft ActiveSync\WCESMgr.exe"="C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "D:\MirrorsEdge\Binaries\MirrorsEdge.exe"="D:\MirrorsEdge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™" "D:\Tom Clancy's EndWar\Binaries\EndWar.exe"="D:\Tom Clancy's EndWar\Binaries\EndWar.exe:*:Enabled:Tom Clancy's EndWar" "D:\Tom Clancy's EndWar\Tom Clancy's EndWar Launcher.exe"="D:\Tom Clancy's EndWar\Tom Clancy's EndWar Launcher.exe:*:Enabled:Tom Clancy's EndWar Launcher" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour" "C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe"="C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe:*:Disabled:Nero MediaHome 4" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\Microsoft ActiveSync\rapimgr.exe"="C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Programme\Microsoft ActiveSync\wcescomm.exe"="C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Programme\Microsoft ActiveSync\WCESMgr.exe"="C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K] shell\AutoRun\command - K:\Ctrun\Start.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L] shell\AutoRun\command - L:\Autorun.exe ======List of files/folders created in the last 1 months====== 2009-03-22 23:13:01 ----D---- C:\rsit 2009-03-22 
11:59:58 ----D---- C:\Programme\Sophos 2009-03-22 11:22:04 ----D---- C:\Programme\Blacklight 2009-03-20 21:56:03 ----A---- C:\WINDOWS\system32\lsdelete.exe 2009-03-20 21:33:33 ----D---- C:\Programme\Lavasoft 2009-03-20 21:33:33 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft 2009-03-20 20:09:41 ----D---- C:\Programme\Smart PC Solutions 2009-03-20 20:09:21 ----HDC---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-03-20 19:24:23 ----A---- C:\stinger10000482.exe 2009-03-20 14:46:19 ----A---- C:\WINDOWS\lsoon.ini 2009-03-20 14:24:31 ----A---- C:\WINDOWS\Partizan.txt 2009-03-20 14:23:25 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT 2009-03-20 14:16:54 ----RASHOT---- C:\WINDOWS\winstart.bat 2009-03-20 14:16:11 ----A---- C:\WINDOWS\system32\Partizan.exe 2009-03-20 14:16:10 ----D---- C:\Dokumente und Einstellungen\Marcus\Anwendungsdaten\Regrun 2009-03-20 14:16:10 ----D---- C:\backreg 2009-03-20 14:15:57 ----A---- C:\WINDOWS\WinBait.exe 2009-03-20 14:15:57 ----A---- C:\WINDOWS\RunGuard.exe 2009-03-20 14:15:55 ----D---- C:\Programme\Greatis 2009-03-20 00:09:52 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com 2009-03-20 00:09:48 ----D---- C:\Programme\SUPERAntiSpyware 2009-03-20 00:09:48 ----D---- C:\Dokumente und Einstellungen\Marcus\Anwendungsdaten\SUPERAntiSpyware.com 2009-03-19 18:00:48 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP 2009-03-19 18:00:43 ----D---- C:\Programme\Gemeinsame Dateien\PC Tools 2009-03-19 18:00:41 ----D---- C:\Programme\Spyware Doctor 2009-03-19 18:00:41 ----D---- C:\Dokumente und Einstellungen\Marcus\Anwendungsdaten\PC Tools 2009-03-19 18:00:41 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools 2009-03-19 17:48:59 ----D---- C:\VundoFix Backups 2009-03-19 17:48:59 ----A---- C:\VundoFix.txt 2009-03-19 17:27:01 ----D---- C:\WINDOWS\ERUNT 2009-03-19 17:22:47 ----D---- C:\SDFix 
2009-03-19 15:41:45 ----D---- C:\Dokumente und Einstellungen\Marcus\Anwendungsdaten\Malwarebytes
2009-03-19 15:41:36 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-03-19 15:41:36 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-03-19 15:10:32 ----D---- C:\Programme\Safer Networking
2009-03-18 18:29:15 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-18 17:25:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-18 16:32:31 ----D---- C:\Dokumente und Einstellungen\Marcus\Anwendungsdaten\Bitdefender
2009-03-18 16:31:38 ----D---- C:\Programme\BitDefender
2009-03-18 16:31:38 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BitDefender
2009-03-18 16:31:14 ----D---- C:\Programme\Gemeinsame Dateien\BitDefender
2009-03-18 16:18:13 ----D---- C:\Programme\Trend Micro
2009-03-18 16:03:02 ----D---- C:\Dokumente und Einstellungen\Marcus\Anwendungsdaten\QuickScan
2009-03-18 14:21:47 ----D---- C:\WINDOWS\BDOSCAN8
2009-03-17 22:43:25 ----D---- C:\WINDOWS\SxsCaPendDel
2009-03-17 20:43:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2009-03-17 20:43:33 ----D---- C:\WINDOWS\system32\Kaspersky Lab
2009-03-14 19:24:57 ----D---- C:\Dokumente und Einstellungen\Marcus\Anwendungsdaten\The Creative Assembly
2009-03-14 19:24:20 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-03-12 17:43:42 ----D---- C:\NVIDIA
2009-03-11 23:38:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 23:38:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 23:38:02 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-10 02:47:11 ----RA---- C:\WINDOWS\system32\SET17E.tmp
2009-03-10 01:56:55 ----A---- C:\WINDOWS\system32\cttele32.dll
2009-03-10 01:22:59 ----A---- C:\CTSUFile.txt
2009-03-10 01:08:00 ----D---- C:\Programme\Gemeinsame Dateien\Creative Labs Shared
2009-03-10 00:40:31 ----N---- C:\WINDOWS\Ctregrun.exe
2009-03-10 00:39:42 ----N---- C:\WINDOWS\Updreg.EXE
2009-03-10 00:35:15 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Creative
2009-03-10 00:16:00 ----A---- C:\WINDOWS\sfbm.INI
2009-03-10 00:13:35 ----D---- C:\Programme\Driver Cleaner Pro
2009-03-09 23:30:50 ----A---- C:\WINDOWS\INRES.DLL
2009-03-09 23:26:21 ----RA---- C:\WINDOWS\system32\tmp65.tmp
2009-03-09 23:26:14 ----A---- C:\WINDOWS\system32\sfms32.dll
2009-03-09 23:26:06 ----A---- C:\WINDOWS\system32\ac3api.dll
2009-03-09 23:21:21 ----A---- C:\WINDOWS\CoolPlay.ini
2009-03-08 17:39:58 ----D---- C:\WINDOWS\system32\Lang
2009-03-08 17:37:14 ----A---- C:\WINDOWS\system32\RtkCoInstXP.dll
2009-03-07 21:43:22 ----D---- C:\Dokumente und Einstellungen\Marcus\Anwendungsdaten\nView_Wallpaper
2009-03-07 21:04:42 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nView_Profiles
2009-02-25 19:39:52 ----D---- C:\Programme\Medieval Software
2009-02-25 17:58:17 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-02-25 17:58:17 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-02-25 17:58:16 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-02-25 17:58:15 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-02-25 17:58:15 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-02-25 17:58:14 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-02-25 17:13:27 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-25 16:41:23 ----D---- C:\Dokumente und Einstellungen\Marcus\Anwendungsdaten\Nero
2009-02-25 16:29:30 ----A---- C:\WINDOWS\Irremote.ini
2009-02-25 16:27:03 ----D---- C:\Programme\Windows Sidebar
2009-02-25 16:10:46 ----D---- C:\Programme\Gemeinsame Dateien\Nero
2009-02-25 16:01:37 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-02-25 15:50:18 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$

======List of files/folders modified in the last 1 months======
2009-03-22 23:13:02 ----D---- C:\WINDOWS\Prefetch
2009-03-22 23:12:09 ----D---- C:\WINDOWS\Temp
2009-03-22 23:10:00 ----D---- C:\Programme\Mozilla Firefox
2009-03-22 22:17:07 ----D---- C:\WINDOWS\system32
2009-03-22 22:12:38 ----A---- C:\WINDOWS\bdagent.INI
2009-03-22 22:02:44 ----D---- C:\WINDOWS
2009-03-22 22:00:56 ----SHD---- C:\WINDOWS\Installer
2009-03-22 22:00:56 ----HD---- C:\Config.Msi
2009-03-22 22:00:41 ----HD---- C:\WINDOWS\inf
2009-03-22 22:00:41 ----D---- C:\WINDOWS\system32\drivers
2009-03-22 22:00:32 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-22 21:36:56 ----D---- C:\WINDOWS\system32\Restore
2009-03-22 21:20:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-22 20:54:22 ----SD---- C:\WINDOWS\Tasks
2009-03-22 11:59:58 ----RD---- C:\Programme
2009-03-22 11:16:38 ----SHD---- C:\WINDOWS\CSC
2009-03-20 22:54:23 ----SHD---- C:\System Volume Information
2009-03-20 22:41:24 ----ASH---- C:\boot.ini
2009-03-20 22:41:24 ----A---- C:\WINDOWS\win.ini
2009-03-20 22:41:24 ----A---- C:\WINDOWS\system.ini
2009-03-20 22:02:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-20 21:56:00 ----D---- C:\WINDOWS\Transcend JetFlash Recovery Tool
2009-03-20 21:56:00 ----D---- C:\WINDOWS\Left 4 Dead
2009-03-20 21:33:29 ----D---- C:\WINDOWS\WinSxS
2009-03-20 21:20:40 ----D---- C:\WINDOWS\security
2009-03-20 21:07:24 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-03-20 14:46:20 ----D---- C:\WINDOWS\system32\config
2009-03-20 00:09:36 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2009-03-19 18:00:43 ----D---- C:\Programme\Gemeinsame Dateien
2009-03-19 17:39:00 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-03-18 16:51:17 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2009-03-18 15:53:36 ----D---- C:\Programme\Spybot - Search & Destroy
2009-03-18 15:18:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
2009-03-18 14:21:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-18 13:50:45 ----D---- C:\WINDOWS\Minidump
2009-03-18 13:50:45 ----D---- C:\WINDOWS\Debug
2009-03-17 23:17:57 ----D---- C:\Programme\CCleaner
2009-03-17 21:45:58 ----D---- C:\Programme\Windows Installer Clean Up
2009-03-17 20:55:08 ----D---- C:\Dokumente und Einstellungen
2009-03-12 22:38:26 ----D---- C:\WINDOWS\nview
2009-03-12 22:36:18 ----D---- C:\WINDOWS\Help
2009-03-12 22:36:05 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-03-12 16:30:48 ----D---- C:\Programme\Windows Media Player
2009-03-11 15:59:18 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-11 15:57:25 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-10 19:47:27 ----D---- C:\Programme\Security Task Manager
2009-03-10 02:49:15 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-03-10 02:49:15 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-03-10 02:49:08 ----D---- C:\WINDOWS\system32\Data
2009-03-10 02:46:21 ----HD---- C:\Programme\InstallShield Installation Information
2009-03-10 01:53:13 ----A---- C:\WINDOWS\sbwin.ini
2009-03-10 01:51:32 ----D---- C:\Programme\Creative
2009-03-10 00:38:08 ----D---- C:\WINDOWS\system
2009-03-10 00:24:09 ----D---- C:\Programme\ATI Technologies
2009-03-10 00:24:02 ----D---- C:\Dokumente und Einstellungen\Marcus\Anwendungsdaten\ATI
2009-03-09 23:26:15 ----D---- C:\Dokumente und Einstellungen\Marcus\Anwendungsdaten\Creative
2009-03-09 22:23:18 ----D---- C:\Programme\TuneUp Utilities 2008
2009-03-09 22:23:13 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2009-03-08 17:25:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-08 03:10:51 ----SHD---- C:\RECYCLER
2009-02-25 17:58:18 ----D---- C:\WINDOWS\system32\DirectX
2009-02-25 17:57:36 ----RSD---- C:\WINDOWS\assembly
2009-02-25 16:59:07 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
2009-02-25 16:54:14 ----D---- C:\Programme\Nero
2009-02-25 16:18:19 ----D---- C:\WINDOWS\Microsoft.NET
2009-02-25 16:01:28 ----D---- C:\WINDOWS\system32\XPSViewer
2009-02-25 16:01:27 ----D---- C:\WINDOWS\system32\de-de
2009-02-25 16:01:15 ----D---- C:\WINDOWS\system32\mui
2009-02-25 16:00:05 ----D---- C:\WINDOWS\system32\en-us
2009-02-25 12:55:00 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 bdftdif;bdftdif; \??\C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-01-20 278728]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-01-20 25416]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-06-02 86792]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-01-07 196368]
R3 BDSelfPr;BDSelfPr; \??\C:\Programme\BitDefender\BitDefender 2008\bdselfpr.sys []
R3 btaudio;Bluetooth-Audiogerät; C:\WINDOWS\system32\drivers\btaudio.sys [2006-12-04 329901]
R3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-12-04 30459]
R3 BTKRNL;Bluetooth-Bus-Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-12-04 863402]
R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-12-04 47907]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-12-04 67672]
R3 CT20XUT.SYS;CT20XUT.SYS; C:\WINDOWS\System32\drivers\CT20XUT.SYS [2008-10-08 171032]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2008-10-08 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2008-10-08 526232]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:\WINDOWS\System32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS; C:\WINDOWS\System32\drivers\CTHWIUT.SYS [2008-10-08 72728]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2008-10-08 14360]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2008-10-08 158744]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2008-10-08 95768]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-10-08 1177624]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-02-18 6308224]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2008-10-08 130072]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2008-01-24 19336]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2008-01-24 28168]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2008-01-24 48904]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-05-23 245248]
S1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
S3 abwn0gbu;abwn0gbu; C:\WINDOWS\system32\drivers\abwn0gbu.sys []
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CT20XUT;CT20XUT; C:\WINDOWS\system32\drivers\CT20XUT.SYS [2008-10-08 171032]
S3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2008-10-08 347080]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTEXFIFX;CTEXFIFX; C:\WINDOWS\system32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
S3 CTHWIUT;CTHWIUT; C:\WINDOWS\system32\drivers\CTHWIUT.SYS [2008-10-08 72728]
S3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State; C:\WINDOWS\System32\Drivers\frmupgr.sys [2007-01-03 27536]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-02-04 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-02-04 20520]
S3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2007-07-16 17432]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys []
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\E.tmp []
S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 Partizan;Partizan; C:\WINDOWS\system32\drivers\Partizan.sys [2009-03-20 34760]
S3 pctplsg;pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys []
S3 Profos;Profos; \??\C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 RegGuard;RegGuard; \??\C:\WINDOWS\system32\Drivers\regguard.sys []
S3 RivaTuner32;RivaTuner32; \??\C:\Programme\RivaTuner v2.20\RivaTuner32.sys []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-09-05 176128]
S3 SASENUM;SASENUM; \??\C:\Programme\SUPERAntiSpyware\SASENUM.SYS []
S3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 Trufos;Trufos; \??\C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usb_rndisx;USB-RNDIS-Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2008-01-24 14728]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 btwdins;Bluetooth Service; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-11-29 266295]
R2 CTAudSvcService;Creative Audio Service; C:\Programme\Creative\Shared Files\CTAudSvc.exe [2008-10-31 307200]
R2 LBTServ;Logitech Bluetooth Service; C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe [2008-11-18 1179648]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-02-18 163908]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 VSSERV;BitDefender Virus Shield; C:\Programme\BitDefender\BitDefender 2008\vsserv.exe [2008-08-29 1261568]
R2 XCOMM;BitDefender Communicator; C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe [2007-11-27 86016]
R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 NetTcpPortSharingNMIndexingService;Net.Tcp Port Sharing Service NetTcpPortSharingNMIndexingService; C:\WINDOWS\system32\27034f4e-s.exe srv []
S2 ThemesShellHWDetection;Designs ThemesShellHWDetection; C:\WINDOWS\system32\1031f.exe srv []
S2 upnphostscan;Universeller Plug & Play-Gerätehost upnphostscan; C:\WINDOWS\system32\acleditq.exe srv []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe [2009-03-10 79360]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-02 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2009-03-20 951632]
S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
S3 NeroMediaHomeService.4;Nero MediaHome 4 Service; C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe [2008-12-12 476456]
S3 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-09-04 1295616]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PDFProFiltSrv;PDFProFiltSrv; C:\Programme\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2008-02-27 144672]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Programme\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; C:\Programme\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
S3 ThreatFire;ThreatFire; C:\Programme\Spyware Doctor\TFEngine\TFService.exe [2008-06-06 66880]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-03-09 355584]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2006-03-01 69632]
S4 MBAMService;MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [2009-02-11 179856]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe []
S4 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

=========================================================

info.txt logfile of random's system information tool 1.06 2009-03-22 23:13:04

======Uninstall list======
-->"C:\Programme\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W /L:GER
-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programme\Gemeinsame Dateien\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-07A0-7UEM-MU88-UL4X-03TW-HHUH-1361"
-->C:\Programme\Gemeinsame Dateien\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M06-00A0-C1T4-M01L-MX8C-57L3-LECL-9669"
-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Programme\ProgDVB\uninstall.exe
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B5AF6143-E738-4768-A5E6-C07C68A464A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B5AF6143-E738-4768-A5E6-C07C68A464A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x7
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1-2-3 Spyware Free v4.7-->"C:\Programme\Smart PC Solutions\1-2-3 Spyware Free\unins000.exe"
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {888B9AC7-8F5C-456B-A27A-157A6C310E52}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
32 Bit HP BiDi Channel Components Installer-->MsiExec.exe /I{9DE3F260-B88E-42CE-90E7-73C78C37D95E}
7-Zip 4.57-->"C:\Programme\7-Zip\Uninstall.exe"
Ad-Aware-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\5f143314a5d434c8511097393d17397\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{29F05234-DCBB-4FE0-88DC-5160C9250312}
Adobe Reader 8.1.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81000000003}
Adobe Setup-->MsiExec.exe /I{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
aerosoft's - FDC Live Cockpit-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{126B6545-C321-4C22-A8C1-F59065A5E344}\Setup.exe" -uninst
ArchiCrypt System Doctor Version 1.2.3.2231-->"C:\Programme\ArchiCrypt System Doctor\unins000.exe"
Assassin's Creed-->C:\Programme\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0007 -removeonly
ASUS WiFi-AP Solo-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8B3F4499-32E6-470D-8586-E6C03420F889}\Setup.exe" -l0x9 REMOVE
BitDefender Total Security 2008-->MsiExec.exe /I{E404EFD4-6110-413C-AD1A-D6D0F261960E}
Bridge Builder-->D:\Bridge builder\uninstall.exe
Call of Duty(R) - World at War(TM)-->C:\Programme\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409
Canon S750-->C:\WINDOWS\system32\CNMCP3q.exe "-PRINTERNAMECanon S750" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon S750 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon S750 Installer\Inst2\cnmi0407.dll"
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
City Life 2008-->D:\City Life\uninst.exe
Combined Community Codec Pack 2008-01-24-->"C:\Programme\Combined Community Codec Pack\unins000.exe"
Creative Audio-Systemsteuerung-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x7 /remove
Creative Konsole Starter-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x7 /remove
Creative WaveStudio 7-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x7 /remove
CuteFTP 7 Professional-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}\Setup.exe" -l0x9
DH Driver Cleaner Professional Edition-->C:\Programme\Driver Cleaner Pro\Uninstall.exe
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
EVEREST Home Edition v2.20-->"C:\Programme\Lavalys\EVEREST Home Edition\unins000.exe"
EVGA Precision 1.3.2-->"C:\Programme\EVGA Precision\uninstall.exe"
Fallout 3-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly
Free Videos To DVD V2.1-->"C:\Programme\Videos To DVD\unins000.exe"
FS Global 2008 for FSX-->E:\MICROS~1\pilots_software\fsgx\uninstal.exe E:\MICROS~1\pilots_software\fsgx
Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Grand Theft Auto IV-->"C:\Programme\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0007 -removeonly
GRID-->"C:\Programme\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x0007 -removeonly
GTA IV Realism Mod - Windows XP 1.00-->C:\Program Files\Rockstar Games\GTA IV Realism Mod v1.0\Uninstall.exe
GTR Evolution-->"D:\GTR Evolution\Uninstall\unins000.exe"
Handbrake 0.9.2-->C:\Programme\Handbrake\uninst.exe
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hitman Blood Money-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}\setup.exe" -l0x9 -removeonly
Hospital Tycoon-->D:\Hospital Tycoon\uninstall.exe
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Color LaserJet CP1510 Series 2.0-->C:\Programme\HP\Digital Imaging\{223C0721-A6B0-4853-88C0-331029841734}\setup\hpzscr01.exe -datfile hppscr09.dat -onestop -forcereboot
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355} Lautstärkefenster-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x7 /remove Left 4 Dead-->"C:\WINDOWS\Left 4 Dead\uninstall.exe" "/U:D:\Left 4 Dead\Uninstall\uninstall.xml" Logitech Gaming Software 5.02-->MsiExec.exe /X{64B20B36-AEE7-4DD4-897C-C5DA5C218F60} Logitech SetPoint-->C:\Programme\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0007 -removeonly Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe" Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B} Mass Effect-->C:\Programme\Gemeinsame Dateien\BioWare\Uninstall Mass Effect.exe Medieval CUE Splitter-->MsiExec.exe /I{B96D2269-568B-4CBF-9332-12FAE8B158F7} Medieval II Total War : Kingdoms : Americas-->C:\Programme\InstallShield Installation Information\{75983B66-804C-40D1-BA13-64DAF652A6F1}\setup.exe -runfromtemp -l0x0009 -removeonly Medieval II Total War : Kingdoms : Britannia-->C:\Programme\InstallShield Installation Information\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}\setup.exe -runfromtemp -l0x0009 -removeonly Medieval II Total War : Kingdoms : Crusades-->C:\Programme\InstallShield Installation Information\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}\setup.exe -runfromtemp -l0x0009 -removeonly Medieval II Total War : Kingdoms : Teutonic-->C:\Programme\InstallShield Installation Information\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}\setup.exe -runfromtemp -l0x0009 -removeonly Medieval II Total War-->C:\Programme\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe -runfromtemp -l0x0009 -removeonly Microsoft .NET Framework 1.1 Hotfix 
(KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{9309DD7E-EBFE-3C95-8B47-30D3A012F606} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{A1071AEB-B0EF-3F5F-BC84-83A270EBE496} Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783} Microsoft .NET Framework 3.5 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack - deu-->MsiExec.exe /I{1545207E-C6F3-31D7-9918-BDBB65075FBF} Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40} Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Flight Simulator X Service Pack 1-->C:\WINDOWS\system32\msiexec.exe /qb /l*vx "%TEMP%\FlightSimPatchUninstall.log" /uninstall {7FB5887E-FA27-4CDC-BBA4-146487E789FA} /package {F535B2CF-C9BB-4162-B03A-02D6971F32CC} Microsoft Flight Simulator X Service Pack 2-->MsiExec.exe /X{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A} Microsoft Flight Simulator X-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F535B2CF-C9BB-4162-B03A-02D6971F32CC} Microsoft Flight Simulator X-->MsiExec.exe /X{F535B2CF-C9BB-4162-B03A-02D6971F32CC} Microsoft Games for Windows - LIVE -->MsiExec.exe 
/X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F} Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1} Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE} Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE} Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE} Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE} Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE} Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE} Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe 
/X{90120000-0019-0407-0000-0000000FF1CE} Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE} Microsoft Train Simulator-->"D:\Microsoft Games\Train Simulator\UNINSTAL.EXE" /runtemp /addremove Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8} Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988} MKVtoolnix 2.2.0-->C:\Programme\MKVtoolnix\uninst.exe Mozilla Firefox (3.0.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08} MyMicroBalance-->MsiExec.exe /I{8DE52585-128B-4C71-9AC7-224DB87490D8} MyTraffic X Version 5.1b-->E:\Microsoft Flight Simulator X\MyTrafficX_uninstall.exe Nero MediaHome 4-->C:\Programme\Gemeinsame Dateien\Nero\Nero ProductInstaller 4\SetupX.exe neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NewsLeecher v3.9 Final-->"C:\Programme\NewsLeecher\unins000.exe" Nuance PDF Professional 5-->MsiExec.exe /I{76314E3E-BD04-47AF-9765-9FA798FC5B01} NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF} O&O Defrag Professional Edition-->MsiExec.exe /I{E6CB18CD-04EF-4C6A-A5F3-5F49E7332895} OpenAL-->"C:\Programme\OpenAL\OALInst.exe" /U PDF 
Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall ProtectDisc Driver, Version 11-->C:\Programme\ProtectDisc Driver Installer\uninstall_v11.exe QuickPar 0.9-->C:\Programme\QuickPar\uninst.exe QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB} RAR Password Recovery v1.1 RC17 (remove only)-->C:\Programme\Intelore\RAR Password Recovery\uninstall.exe ratDVD 0.78.1444-->C:\Programme\ratDVD\uninst.exe RCT3 Soaked-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\setup.exe" -l0x7 RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 RegRun Security Suite Platinum-->C:\Programme\Greatis\RegRunSuite\R3UR.exe RivaTuner v2.20-->"C:\Programme\RivaTuner v2.20\uninstall.exe" Rockstar Games Social Club-->"C:\Programme\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0007 -removeonly RollerCoaster Tycoon 3-->"D:\RC3\uninst\unins000.exe" R-Studio 4.2-->C:\Programme\R-Studio\Uninstall.exe RTL Winter Sports 2008-->"D:\RTL Winter Sports 2008\Uninstall.exe" RunAlyzer-->"C:\Programme\Safer Networking\RunAlyzer\unins000.exe" S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]-->"D:\S.T.A.L.K.E.R. 
- Shadow of Chernobyl\unins000.exe" Security Task Manager 1.7g-->C:\Programme\Security Task Manager\Uninstal.exe "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager" Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2} Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B} Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4} Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77} Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC} Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C} Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall 
{6BAD036C-261F-4BEF-96CF-C20678D07A41} Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP 
(KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP 
(KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Sins of a Solar Empire Demo-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{DCCC02D4-0037-45EA-827D-DF603145C5BB}\Setup.exe" REMOVE=TRUE MODIFY=FALSE Ski Park Manager 2003-->"D:\Ski Park Manager 2003\unins000.exe" SopCast 3.0.3-->C:\Programme\SopCast\uninst.exe Sophos Anti-Rootkit 1.3.1-->C:\Programme\Sophos\Sophos Anti-Rootkit\helper.exe remove Sound Blaster X-Fi-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x7 /remove SoundFont-Bank-Manager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x7 /remove Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe" Spyware Doctor 6.0-->C:\Programme\Spyware Doctor\unins000.exe /LOG SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} TagRunner 2.0.1.2-->"C:\Programme\RapidSolution\TagRunner\unins000.exe" Theme Hospital-->C:\WINDOWS\unin0407.exe -f"d:\Theme Hospital\DeIsL1.isu" Tom Clancy's EndWar-->"C:\Programme\InstallShield Installation Information\{7C3D8108-8D99-427F-A1C2-D8E0D25A469C}\setup.exe" -runfromtemp -l0x0007 -removeonly Tom Clancy's Rainbow Six Vegas 
2-->"C:\Programme\InstallShield Installation Information\{FD416706-875C-4B0B-A23A-9E740DAE029E}\setup.exe" -runfromtemp -l0x0007 -removeonly TomTom HOME 2.5.2.60-->C:\Programme\TomTom HOME 2\Uninstall TomTom HOME.exe Transcend JetFlash Recovery Tool-->"C:\WINDOWS\Transcend JetFlash Recovery Tool\uninstall.exe" "/U:C:\Programme\Transcend JetFlash Recovery Tool\Uninstall\uninstall.xml" TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA} UEFA EURO 2008™-->MsiExec.exe /X{DE3FCA5F-7B8A-482B-89A9-CC9BD5F656A1} Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756} Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C} Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update Service-->C:\Programme\Sony Ericsson\Update Service\uninst.exe VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971} Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6} 
Winamp-->"C:\Programme\Winamp\UninstWA.exe" Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52} Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Mobile®-X1 XPERIA Handbuch-->C:\Programme\Windows Mobile-X1 XPERIA Handbuch\Windows Mobile Device Handbook\Bin\DHUninstall.exe Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR-->C:\Programme\WinRAR\uninstall.exe XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" xp-AntiSpy 3.96-7-->C:\Programme\xp-AntiSpy\Uninstall.exe =====HijackThis Backups===== O20 - Winlogon Notify: ssqnKaBt - ssqnKaBt.dll (file missing) [2009-03-19] O21 - SSODL: DscMon - {23CFE69B-19C3-F0FE-7C86-053BF104A150} - (no file) [2009-03-19] O23 - Service: Nachrichtendienst Messengermnmsrvc (Messengermnmsrvc) - Unknown owner - C:\WINDOWS\system32\actxprxyu.exe (file missing) [2009-03-19] O23 - Service: Shellhardwareerkennung ShellHWDetectionWmdmPmSN (ShellHWDetectionWmdmPmSN) - Unknown owner - C:\WINDOWS\system32\advapi32w.exe (file missing) [2009-03-19] O23 - Service: Nachrichtendienst Messengermnmsrvc (Messengermnmsrvc) - Unknown owner - C:\WINDOWS\system32\actxprxyu.exe (file missing) [2009-03-20] O23 - Service: Nachrichtendienst Messengermnmsrvc (Messengermnmsrvc) - Unknown owner - C:\WINDOWS\system32\actxprxyu.exe (file missing) [2009-03-20] O23 - Service: Shellhardwareerkennung ShellHWDetectionWmdmPmSN (ShellHWDetectionWmdmPmSN) - Unknown owner - C:\WINDOWS\system32\advapi32w.exe (file missing) [2009-03-20] O23 - 
Service: Shellhardwareerkennung ShellHWDetectionWmdmPmSN (ShellHWDetectionWmdmPmSN) - Unknown owner - C:\WINDOWS\system32\advapi32w.exe (file missing) [2009-03-20] ======Hosts File====== 127.0.0.1 localhost ======Security center information====== AV: Bitdefender Antivirus AV: Spyware Doctor with AntiVirus (disabled) FW: Bitdefender Firewall ======System event log====== Computer Name: DESKTOP Event Code: 7000 Message: Der Dienst "BitDefender Virus Shield" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Record Number: 26767 Source Name: Service Control Manager Time Written: 20090317133942.000000+060 Event Type: error User: Computer Name: DESKTOP Event Code: 7009 Message: Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst BitDefender Virus Shield. Record Number: 26766 Source Name: Service Control Manager Time Written: 20090317133942.000000+060 Event Type: error User: Computer Name: DESKTOP Event Code: 10020 Message: Die computerweite Start und Aktivierung-Sicherheitsbeschreibung (Standard) ist ungültig. Sie enthält Zugriffssteuerungseinträge mit ungültigen Berechtigungen. Die angeforderte Aktion wurde daher nicht ausgeführt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste korrigiert werden. Record Number: 26764 Source Name: DCOM Time Written: 20090317133920.000000+060 Event Type: error User: Computer Name: DESKTOP Event Code: 10020 Message: Die computerweite Start und Aktivierung-Sicherheitsbeschreibung (Standard) ist ungültig. Sie enthält Zugriffssteuerungseinträge mit ungültigen Berechtigungen. Die angeforderte Aktion wurde daher nicht ausgeführt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste korrigiert werden. 
Record Number: 26743 Source Name: DCOM Time Written: 20090316202443.000000+060 Event Type: error User: Computer Name: DESKTOP Event Code: 10020 Message: Die computerweite Start und Aktivierung-Sicherheitsbeschreibung (Standard) ist ungültig. Sie enthält Zugriffssteuerungseinträge mit ungültigen Berechtigungen. Die angeforderte Aktion wurde daher nicht ausgeführt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste korrigiert werden. Record Number: 26721 Source Name: DCOM Time Written: 20090316144021.000000+060 Event Type: error User: |
=====Application event log===== Computer Name: DESKTOP Event Code: 0 Message: Configuration section system.serviceModel.activation does not exist in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config. Record Number: 5463 Source Name: System.ServiceModel.Install 3.0.0.0 Time Written: 20081105170655.000000+060 Event Type: warning User: Computer Name: DESKTOP Event Code: 0 Message: Configuration section system.runtime.serialization does not exist in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config. Record Number: 5462 Source Name: System.ServiceModel.Install 3.0.0.0 Time Written: 20081105170655.000000+060 Event Type: warning User: Computer Name: DESKTOP Event Code: 0 Message: Configuration section system.serviceModel does not exist in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config. Record Number: 5461 Source Name: System.ServiceModel.Install 3.0.0.0 Time Written: 20081105170655.000000+060 Event Type: warning User: Computer Name: DESKTOP Event Code: 0 Message: Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly. If you believe this message is an error, check your IIS installation to make sure it is installed properly. Record Number: 5459 Source Name: System.ServiceModel.Install 3.0.0.0 Time Written: 20081105170654.000000+060 Event Type: warning User: Computer Name: DESKTOP Event Code: 11931 Message: Product: MSXML 6.0 Parser (KB925673) -- Error 1931. The Windows Installer service cannot update the system file C:\WINDOWS\system32\msxml6r.dll because the file is protected by Windows. You may need to update your operating system for this program to work correctly. 
Package version: 6.0.3883.0, OS Protected version: 6.0.3883.0 Record Number: 5456 Source Name: MsiInstaller Time Written: 20081105170626.000000+060 Event Type: error User: DESKTOP\Marcus ======Environment variables====== "CLASSPATH"=.;C:\Programme\Java\jre1.6.0_03\lib\ext\QTJava.zip "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "NUMBER_OF_PROCESSORS"=4 "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI.ACE\Core-Static;C:\Programme\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 7, GenuineIntel "PROCESSOR_LEVEL"=6 "PROCESSOR_REVISION"=1707 "QTJAVA"=C:\Programme\Java\jre1.6.0_03\lib\ext\QTJava.zip "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "windir"=%SystemRoot% "RGSCLauncher"=C:\Programme\Rockstar Games\Rockstar Games Social Club "RGSC"=C:\Programme\Rockstar Games\Rockstar Games Social Club\1_0_0_0 -----------------EOF----------------- |
Whoa, what a long list of past infections... You should urgently rethink how you use your computer. Off the top of my head I'd say: fewer security programs, fewer cracks, fewer infections. By changing passwords I meant all the passwords you have used from this computer; all of them may have been captured, so it is necessary to change them. I'll post a fix tomorrow for the malicious stuff that is still on your system. Regards, myrtille
Hi, please work through the following first:

Uninstall the following programs under Start->Systemsteuerung->Software (Control Panel -> Add or Remove Programs):
- Ad-Aware
- Adobe Reader 8.1.1 -> update or remove. The current version is 9
- Java(TM) 6 Update 3 -> update or remove. The current version is 6.12
- Kaspersky Online Scanner
- Sophos Anti-Rootkit 1.3.1
- Spyware Doctor 6.0
- Spybot - Search & Destroy
- SDFix

Then run ComboFix and post the log here:

ComboFix
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it! Note: ComboFix disables the autorun function of all CD/DVD and USB drives in order to contain spreading. If this causes problems, post them in the thread. (Detailed instructions -> A guide and tutorial on using ComboFix)

Regards, myrtille
Hi, OK, I have now uninstalled the listed programs and a few others as well. CCleaner was able to remove all entries in the registry except for this one (even after several attempts):

ActiveX/COM Fehler InProcServer32\C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx HKCR\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}

What's next? Thanks!

=========================================================== ComboFix 09-03-22.01 - Marcus 2009-03-23 22:38:42.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.43.1031.18.3071.2664 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\Marcus\Desktop\ComboFix.exe AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) FW: Bitdefender Firewall *disabled* Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! . ((((((((((((((((((((((( Dateien erstellt von 2009-02-23 bis 2009-03-23 )))))))))))))))))))))))))))))) . 2009-03-23 21:22 . 2009-03-23 21:22 410,984 --a------ c:\windows\system32\deploytk.dll 2009-03-22 23:13 . 2009-03-22 23:13 <DIR> d-------- C:\rsit 2009-03-22 20:54 . 2009-03-22 20:54 32 --a-s---- c:\windows\system32\4221534445.dat 2009-03-22 11:59 . 2009-03-23 21:25 <DIR> d-------- c:\programme\Sophos 2009-03-22 11:22 . 2009-03-22 11:31 <DIR> d-------- c:\programme\Blacklight 2009-03-20 21:33 . 2009-03-23 21:02 <DIR> d-------- c:\programme\Lavasoft 2009-03-20 21:33 . 2009-03-23 21:02 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft 2009-03-20 20:02 . 2009-03-20 20:02 17 --a------ C:\stinger10000482.opt 2009-03-20 19:24 . 2009-03-20 19:24 2,639,879 --a------ C:\stinger10000482.exe 2009-03-20 18:49 . 2009-03-20 18:49 <DIR> d-------- c:\dokumente und einstellungen\Tanja\Anwendungsdaten\Bitdefender 2009-03-20 14:46 . 2009-03-20 14:46 74 --a------ c:\windows\lsoon.ini 2009-03-20 14:16 . 2009-03-20 15:17 <DIR> d-------- c:\dokumente und einstellungen\Marcus\Anwendungsdaten\Regrun 2009-03-20 14:16 . 
2009-03-20 14:46 <DIR> d-------- C:\backreg 2009-03-20 14:16 . 2009-03-20 14:16 (2) -rahs-ot- c:\windows\winstart.bat 2009-03-20 14:15 . 2009-03-20 14:15 <DIR> d-------- c:\programme\Greatis 2009-03-20 14:15 . 2003-09-06 15:55 57,556 --a------ c:\windows\guard.bmp 2009-03-20 00:09 . 2009-03-23 21:29 <DIR> d-------- c:\programme\SUPERAntiSpyware 2009-03-20 00:09 . 2009-03-23 21:29 <DIR> d-------- c:\dokumente und einstellungen\Marcus\Anwendungsdaten\SUPERAntiSpyware.com 2009-03-20 00:09 . 2009-03-20 00:09 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com 2009-03-19 18:00 . 2009-03-23 21:29 <DIR> d-a------ c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP 2009-03-19 18:00 . 2009-03-23 21:29 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools 2009-03-19 17:48 . 2009-03-19 17:48 <DIR> d-------- C:\VundoFix Backups 2009-03-19 17:29 . 2009-03-19 17:29 580,096 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-03-19 17:27 . 2009-03-19 17:27 <DIR> d-------- c:\windows\ERUNT 2009-03-19 17:22 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix 2009-03-19 15:41 . 2009-03-19 15:41 <DIR> d-------- c:\programme\Malwarebytes' Anti-Malware 2009-03-19 15:41 . 2009-03-19 15:41 <DIR> d-------- c:\dokumente und einstellungen\Marcus\Anwendungsdaten\Malwarebytes 2009-03-19 15:41 . 2009-03-19 15:41 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-03-19 15:41 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-19 15:41 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-19 15:10 . 2009-03-19 15:10 <DIR> d-------- c:\programme\Safer Networking 2009-03-18 16:32 . 2009-03-18 16:32 <DIR> d-------- c:\dokumente und einstellungen\Marcus\Anwendungsdaten\Bitdefender 2009-03-18 16:31 . 2009-03-22 22:00 <DIR> d-------- c:\programme\Gemeinsame Dateien\BitDefender 2009-03-18 16:31 . 
2009-03-18 16:31 <DIR> d-------- c:\programme\BitDefender 2009-03-18 16:31 . 2009-03-18 16:32 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\BitDefender 2009-03-18 16:18 . 2009-03-18 16:18 <DIR> d-------- c:\programme\Trend Micro 2009-03-18 16:03 . 2009-03-18 16:03 <DIR> d-------- c:\dokumente und einstellungen\Marcus\Anwendungsdaten\QuickScan 2009-03-18 14:21 . 2009-03-18 15:16 <DIR> d-------- c:\windows\BDOSCAN8 2009-03-17 22:43 . 2009-03-18 15:53 <DIR> d-------- c:\windows\SxsCaPendDel 2009-03-17 20:55 . 2008-01-05 20:52 <DIR> d--h----- c:\dokumente und einstellungen\Administrator\Vorlagen 2009-03-17 20:55 . 2008-01-05 20:45 <DIR> dr------- c:\dokumente und einstellungen\Administrator\Startmenü 2009-03-17 20:55 . 2008-01-05 20:45 <DIR> d--h----- c:\dokumente und einstellungen\Administrator\Netzwerkumgebung 2009-03-17 20:55 . 2009-03-23 22:40 <DIR> d--h----- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen 2009-03-17 20:55 . 2008-01-05 20:45 <DIR> d-------- c:\dokumente und einstellungen\Administrator\Favoriten 2009-03-17 20:55 . 2008-01-05 20:45 <DIR> d--h----- c:\dokumente und einstellungen\Administrator\Druckumgebung 2009-03-17 20:55 . 2008-01-05 20:45 <DIR> dr-h----- c:\dokumente und einstellungen\Administrator\Anwendungsdaten 2009-03-17 20:55 . 2009-03-17 20:55 <DIR> d-------- c:\dokumente und einstellungen\Administrator 2009-03-17 20:43 . 2009-03-17 20:43 <DIR> d-------- c:\windows\system32\Kaspersky Lab 2009-03-16 20:53 . 2009-03-22 21:48 <DIR> d--h----- c:\dokumente und einstellungen\Marcus\Netzwerkumgebung 2009-03-14 19:24 . 2009-03-14 19:24 <DIR> d-------- c:\dokumente und einstellungen\Marcus\Anwendungsdaten\The Creative Assembly 2009-03-14 19:24 . 2009-01-27 13:31 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll 2009-03-12 17:43 . 2009-03-12 17:43 <DIR> d-------- C:\NVIDIA 2009-03-10 17:49 . 2009-03-16 20:23 1,080 --a------ c:\windows\system32\settingsbkup.sfm 2009-03-10 17:49 . 
2009-03-16 20:23 1,080 --a------ c:\windows\system32\settings.sfm 2009-03-10 02:51 . 2009-03-23 22:12 54,760 --a------ c:\windows\system32\BMXState-{00000001-00000000-00000001-00001102-00000005-00291102}.rfx 2009-03-10 02:51 . 2009-03-23 22:12 788 --a------ c:\windows\system32\DVCState-{00000001-00000000-00000001-00001102-00000005-00291102}.rfx 2009-03-10 02:47 . 2006-05-24 04:49 44,567 -ra------ c:\windows\system32\SET17E.tmp 2009-03-10 01:56 . 2008-02-04 10:27 102,400 --a------ c:\windows\system32\cttele32.dll 2009-03-10 01:22 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd 2009-03-10 01:08 . 2009-03-10 01:08 <DIR> d-------- c:\programme\Gemeinsame Dateien\Creative Labs Shared 2009-03-10 00:41 . 2009-03-23 22:12 54,760 --a------ c:\windows\system32\BMXStateBkp-{00000001-00000000-00000001-00001102-00000005-00291102}.rfx 2009-03-10 00:40 . 1999-10-10 18:00 41,984 --------- c:\windows\Ctregrun.exe 2009-03-10 00:39 . 2000-05-11 01:00 90,112 --------- c:\windows\Updreg.EXE 2009-03-10 00:38 . 2005-02-07 17:45 3,128 --a------ c:\windows\system32\XFi.bmp 2009-03-10 00:38 . 2005-02-07 17:45 766 --a------ c:\windows\system32\SBXFi.ico 2009-03-10 00:35 . 2009-03-10 02:00 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Creative 2009-03-10 00:35 . 2000-12-13 11:21 7,572,224 --------- c:\windows\system32\CT8MGM.SF2 2009-03-10 00:35 . 2000-12-05 02:11 4,174,814 --------- c:\windows\system32\CT4MGM.SF2 2009-03-10 00:35 . 1999-09-22 23:18 2,167,684 --a------ c:\windows\system32\CT2MGM.SF2 2009-03-10 00:16 . 2009-03-10 00:16 29 --a------ c:\windows\sfbm.INI 2009-03-10 00:13 . 2009-03-10 00:13 <DIR> d-------- c:\programme\Driver Cleaner Pro 2009-03-09 23:30 . 2008-10-07 23:44 11,776 --a------ c:\windows\INRES.DLL 2009-03-09 23:26 . 2008-10-07 23:26 108,544 --a------ c:\windows\system32\sfms32.dll 2009-03-09 23:26 . 2008-10-07 23:42 48,640 --a------ c:\windows\system32\ac3api.dll 2009-03-09 23:21 . 
2009-03-10 00:45 152 --a------ c:\windows\CoolPlay.ini 2009-03-08 17:40 . 2009-03-08 17:40 940,794 --a------ c:\windows\system32\LoopyMusic.wav 2009-03-08 17:40 . 2009-03-08 17:40 146,650 --a------ c:\windows\system32\BuzzingBee.wav 2009-03-08 17:39 . 2009-03-08 17:39 <DIR> d-------- c:\windows\system32\Lang 2009-03-08 17:37 . 2009-02-09 14:34 35,840 --a------ c:\windows\system32\RtkCoInstXP.dll 2009-03-07 21:43 . 2009-03-11 22:45 <DIR> d-------- c:\dokumente und einstellungen\Marcus\Anwendungsdaten\nView_Wallpaper 2009-03-07 21:12 . 2009-03-14 22:24 8 --a------ c:\windows\system32\nvModes.dat 2009-03-07 21:04 . 2009-03-07 21:37 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\nView_Profiles 2009-03-02 13:54 . 2009-03-02 14:08 118 --a-s---- c:\windows\system32\2620626525.dat 2009-02-26 15:04 . 2009-03-17 13:39 32 --a-s---- c:\windows\system32\22542376.dat 2009-02-25 19:39 . 2009-02-25 19:39 <DIR> d-------- c:\programme\Medieval Software 2009-02-25 17:58 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll 2009-02-25 17:58 . 2008-07-12 08:18 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll 2009-02-25 17:58 . 2008-07-31 10:40 509,448 --a------ c:\windows\system32\XAudio2_2.dll 2009-02-25 17:58 . 2008-07-12 08:18 467,984 --a------ c:\windows\system32\d3dx10_39.dll 2009-02-25 17:58 . 2008-07-31 10:41 238,088 --a------ c:\windows\system32\xactengine3_2.dll 2009-02-25 17:58 . 2008-07-31 10:41 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll 2009-02-25 17:13 . 2009-03-11 23:32 69 --a------ c:\windows\NeroDigital.ini 2009-02-25 16:59 . 2009-02-25 16:59 <DIR> d-------- c:\dokumente und einstellungen\NeroMediaHomeUser.4\Anwendungsdaten\Nero 2009-02-25 16:54 . 2008-01-05 20:52 <DIR> d--h----- c:\dokumente und einstellungen\NeroMediaHomeUser.4\Vorlagen 2009-02-25 16:54 . 2008-01-05 20:45 <DIR> dr------- c:\dokumente und einstellungen\NeroMediaHomeUser.4\Startmenü 2009-02-25 16:54 . 
2008-01-05 20:45 <DIR> d--h----- c:\dokumente und einstellungen\NeroMediaHomeUser.4\Netzwerkumgebung 2009-02-25 16:54 . 2009-03-23 22:40 <DIR> d--h----- c:\dokumente und einstellungen\NeroMediaHomeUser.4\Lokale Einstellungen 2009-02-25 16:54 . 2008-01-05 20:45 <DIR> d-------- c:\dokumente und einstellungen\NeroMediaHomeUser.4\Favoriten 2009-02-25 16:54 . 2008-01-05 20:45 <DIR> d--h----- c:\dokumente und einstellungen\NeroMediaHomeUser.4\Druckumgebung 2009-02-25 16:54 . 2009-02-25 16:59 <DIR> dr-h----- c:\dokumente und einstellungen\NeroMediaHomeUser.4\Anwendungsdaten 2009-02-25 16:54 . 2009-02-25 16:54 <DIR> d-------- c:\dokumente und einstellungen\NeroMediaHomeUser.4 2009-02-25 16:41 . 2009-02-25 17:10 <DIR> d-------- c:\dokumente und einstellungen\Marcus\Anwendungsdaten\Nero 2009-02-25 16:29 . 2009-02-25 16:29 4,767 --a------ c:\windows\Irremote.ini 2009-02-25 16:27 . 2009-02-25 16:27 <DIR> d-------- c:\programme\Windows Sidebar 2009-02-25 16:10 . 2009-02-25 16:46 <DIR> d-------- c:\programme\Gemeinsame Dateien\Nero . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-03-23 21:12 81,984 ----a-w c:\windows\system32\bdod.bin 2009-03-23 20:43 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2009-03-23 20:29 --------- d-----w c:\programme\Gemeinsame Dateien\Wise Installation Wizard 2009-03-23 20:22 --------- d-----w c:\programme\Java 2009-03-23 20:17 --------- d-----w c:\programme\Gemeinsame Dateien\Adobe 2009-03-18 15:51 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help 2009-03-18 14:53 --------- d-----w c:\programme\Spybot - Search & Destroy 2009-03-18 14:18 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan 2009-03-17 22:17 --------- d-----w c:\programme\CCleaner 2009-03-17 20:45 --------- d-----w c:\programme\Windows Installer Clean Up 2009-03-10 18:47 --------- d-----w c:\programme\Security Task Manager 2009-03-10 01:49 444,952 ----a-w c:\windows\system32\wrap_oal.dll 2009-03-10 01:49 109,080 ----a-w c:\windows\system32\OpenAL32.dll 2009-03-10 01:46 --------- d--h--w c:\programme\InstallShield Installation Information 2009-03-10 00:51 --------- d-----w c:\programme\Creative 2009-03-09 23:24 --------- d-----w c:\programme\ATI Technologies 2009-03-09 23:24 --------- d-----w c:\dokumente und einstellungen\Marcus\Anwendungsdaten\ATI 2009-03-09 22:26 --------- d-----w c:\dokumente und einstellungen\Marcus\Anwendungsdaten\Creative 2009-03-09 21:23 355,584 ----a-w c:\windows\system32\TuneUpDefragService.exe 2009-03-09 21:23 --------- d-----w c:\programme\TuneUp Utilities 2008 2009-02-25 15:59 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Nero 2009-02-25 15:54 --------- d-----w c:\programme\Nero 2009-02-21 13:14 --------- d-----w c:\programme\AGEIA Technologies 2009-02-16 17:12 --------- d-----w c:\dokumente und einstellungen\Tanja\Anwendungsdaten\MSN6 2009-02-09 14:04 1,846,912 ----a-w c:\windows\system32\win32k.sys 2009-02-06 18:53 --------- d-----w c:\programme\Gemeinsame 
Dateien\DirectX 2009-01-16 17:24 70,936 ----a-w c:\windows\system32\PhysXLoader.dll 2008-12-25 23:08 453,152 ----a-w c:\windows\system32\nvudisp.exe 2008-12-23 20:58 453,152 ----a-w c:\windows\system32\NVUNINST.EXE 2008-05-01 18:06 22,328 ----a-w c:\dokumente und einstellungen\Marcus\Anwendungsdaten\PnkBstrK.sys 2008-03-13 14:43 8 ----a-w c:\dokumente und einstellungen\Marcus\CH-Trainer-Keys.dat 2006-06-23 13:48 32,768 ----a-w c:\windows\inf\UpdateUSB.exe 1998-09-25 11:16 270,848 ----a-w c:\programme\UNWISE.EXE 2008-10-30 16:34 39,424 ----a-w c:\programme\mozilla firefox\components\FFComm.dll 2008-08-27 19:11 61 --sh--w c:\windows\cnerolf.bin 2008-08-30 12:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008083020080831\index.dat . ------- Sigcheck ------- 2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys 2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys 2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys 2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys 2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys 2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys 2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys 2008-04-13 23:50 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys 2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys 2008-04-13 23:50 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\ServicePackFiles\i386\tcpip.sys 2008-04-13 20:20 361344 
93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\tcpip.sys 2008-06-20 12:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\dllcache\tcpip.sys 2008-06-20 12:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( SnapShot@2009-03-23_22.26.45.18 ))))))))))))))))))))))))))))))))))))))))) . + 2009-03-23 21:37:20 16,384 ----atw c:\windows\temp\Perflib_Perfdata_73c.dat . |
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 172544] "nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe] "CTxfiHlp"="CTXFIHLP.EXE" [2008-10-07 c:\windows\system32\Ctxfihlp.exe] "CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 561213] Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2008-07-13 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 01:42 72208 c:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All 
Users^Startmenü^Programme^Autostart^ASUS WiFi-AP Solo.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ASUS WiFi-AP Solo.lnk backup=c:\windows\pss\ASUS WiFi-AP Solo.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Sonic CinePlayer Quick Launch.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Sonic CinePlayer Quick Launch.lnk backup=c:\windows\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 19:51 39792 c:\programme\Adobe\Reader 8.0\Reader\Reader_SL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent] --a------ 2008-09-04 19:11 368640 c:\programme\BitDefender\BitDefender 2008\bdagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper] --a------ 2007-10-09 15:46 61440 c:\programme\BitDefender\BitDefender 2008\IEShow.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-02-16 15:15 221184 c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-02-16 15:15 81920 c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] --a------ 2009-02-11 10:19 399504 c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] ---hs---- 2008-04-14 06:52 1695232 c:\programme\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4] --a------ 2008-12-12 16:12 4584744 c:\programme\Nero\Nero MediaHome 4\NeroMediaHome.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\PDF5 Registry Controller] --a------ 2008-02-27 01:20 58656 c:\programme\Nuance\PDF Professional 5\RegistryController.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook] --a------ 2008-02-27 01:21 795936 c:\programme\Nuance\PDF Professional 5\PdfPro5Hook.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-09-06 14:09 413696 c:\programme\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC] --a------ 2008-12-13 15:33 306088 c:\programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] --a------ 2007-03-26 07:43 210472 c:\programme\Gemeinsame Dateien\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2009-03-23 21:22 148888 c:\programme\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-02-24 17:45 185896 c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel] --------- 2008-08-06 16:31 233576 c:\programme\Creative\Volume Panel\VolPanlu.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "PnkBstrB"=3 (0x3) "PnkBstrA"=3 (0x3) "Nero BackItUp Scheduler 3"=2 (0x2) "MsSecurity1.209.4"=2 (0x2) "VSSERV"=2 (0x2) "scan"=3 (0x3) "LIVESRV"=2 (0x2) "XCOMM"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe "SpybotSD TeaTimer"=c:\programme\Spybot - Search & Destroy\TeaTimer.exe "H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\wcescomm.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "CTxfiHlp"=CTXFIHLP.EXE "CTHelper"=CTHELPER.EXE 
"issch"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start "ISUSPM"=c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup "System"=explorer.exe "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programme\\Messenger\\msmsgs.exe"= "d:\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"= "d:\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"= "d:\\AC\\AssassinsCreed_Dx9.exe"= "d:\\AC\\AssassinsCreed_Dx10.exe"= "d:\\AC\\AssassinsCreed_Launcher.exe"= "d:\\RainbowSix_Vegas 2\\Binaries\\R6Vegas2_Game.exe"= "d:\\RainbowSix_Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"= "d:\\Grid\\GRID.exe"= "d:\\Mass Effect\\Binaries\\MassEffect.exe"= "d:\\Mass Effect\\MassEffectLauncher.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "e:\\Call of Duty - World at War\\CoDWaWmp.exe"= "e:\\Call of Duty - World at War\\CoDWaW.exe"= "c:\\Programme\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "e:\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"= "c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "d:\\MirrorsEdge\\Binaries\\MirrorsEdge.exe"= "d:\\Tom Clancy's EndWar\\Binaries\\EndWar.exe"= "d:\\Tom Clancy's EndWar\\Tom Clancy's EndWar Launcher.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\Nero\\Nero 
MediaHome 4\\NMMediaServerService.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-01-23 501560] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-06-02 86792] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-08 1324056] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-08 72728] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?] S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352] S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe [2009-03-10 79360] S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032] S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032] S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032] S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888] S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888] S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-08 1324056] S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-08 72728] S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296] S3 
CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-02-04 13352] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-03-19 15504] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\E.tmp --> c:\windows\system32\E.tmp [?] S3 NeroMediaHomeService.4;Nero MediaHome 4 Service;c:\programme\Nero\Nero MediaHome 4\NMMediaServerService.exe [2008-12-12 476456] S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?] S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?] S3 PDFProFiltSrv;PDFProFiltSrv;c:\programme\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2008-02-27 144672] S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-01-06 176128] S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2008-01-06 13532] S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?] S4 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [2009-03-19 179856] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 bdx REG_MULTI_SZ scan HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K] \Shell\AutoRun\command - k:\ctrun\Start.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L] \Shell\AutoRun\command - L:\Autorun.exe . 
Inhalt des "geplante Tasks" Ordners 2008-12-21 c:\windows\Tasks\1-Klick-Wartung.job - c:\programme\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-11 11:54] 2009-03-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank uInternet Settings,ProxyOverride = *.local IE: An vorhandene PDF-Datei anhängen - c:\programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Mit Nuance PDF Converter 5.0 öffnen - c:\programme\Nuance\PDF Professional 5\cnvres_ger.dll /100 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: PDF-Datei aus Linkinhalt erstellen - c:\programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-Datei erstellen - c:\programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML IE: Senden an &Bluetooth-Gerät... 
- c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab FF - ProfilePath - c:\dokumente und einstellungen\Marcus\Anwendungsdaten\Mozilla\Firefox\Profiles\tq7bhggu.default\ FF - prefs.js: browser.startup.homepage - www.google.at FF - component: c:\programme\Mozilla Firefox\components\FFComm.dll ---- FIREFOX Richtlinien ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 200000 FF - user.js: content.notify.interval - 100000 FF - user.js: content.switch.threshold - 650000 FF - user.js: nglayout.initialpaint.delay - 300 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-23 22:40:28 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\E.tmp" . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-1409082233-2052111302-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:4b,f2,ac,4d,df,7e,55,5c,2c,f5,ba,4e,81,22,f6,97,09,4e,ba,28,5e, 65,5a,28,42,e2,21,f2,c4,07,20,9f,c8,ad,ee,b9,77,a3,0c,a1,d8,ff,c3,80,3b,a1,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(996) c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTServ.dll . Zeit der Fertigstellung: 2009-03-23 22:41:30 ComboFix-quarantined-files.txt 2009-03-23 21:41:14 ComboFix2.txt 2009-03-23 21:28:16 Vor Suchlauf: 16 Verzeichnis(se), 11.848.536.064 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 11,826,405,376 Bytes frei 395 --- E O F --- 2009-03-17 15:20:10
Hi, here is the Adobe guide for the Flash Player problem: Link
The permissions on the key are set incorrectly, so you cannot access the key. Either reinstall Flash Player and then uninstall it again to fix the problem, or open the key in regedit and reset the permissions manually so that you can then remove the key.
Scripting with ComboFix
Quote:
Note: The script above was created only for this one user in this situation. It cannot be transferred to any other computer and must not be used elsewhere, as it can cause lasting damage to the system.
Regards, myrtille
Hi, I have now managed to get rid of the key in the registry with your help, thanks for that! Unfortunately I could not fully disable Bitdefender again, so I started Windows in Safe Mode. (Bitdefender is then not loaded here, i.e. disabled.) Here is the log:
ComboFix 09-03-22.01 - Marcus 2009-03-24 22:09:07.3 - NTFSx86 MINIMAL Microsoft Windows XP Professional 5.1.2600.3.1252.1.1031.18.3071.2743 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\Marcus\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Marcus\Desktop\cfscript.txt AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) FW: Bitdefender Firewall *enabled* Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! FILE :: c:\windows\system32\1031f.exe c:\windows\system32\acleditq.exe c:\windows\system32\drivers\abwn0gbu.sys c:\windows\system32\vwnqtkzc.exe . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MEMSWEEP2 -------\Service_MEMSWEEP2 ((((((((((((((((((((((( Dateien erstellt von 2009-02-24 bis 2009-03-24 )))))))))))))))))))))))))))))) . 2009-03-23 21:22 . 2009-03-23 21:22 410,984 --a------ c:\windows\system32\deploytk.dll 2009-03-22 23:13 . 2009-03-22 23:13 <DIR> d-------- C:\rsit 2009-03-22 20:54 . 2009-03-22 20:54 32 --a-s---- c:\windows\system32\4221534445.dat 2009-03-22 11:59 . 2009-03-23 21:25 <DIR> d-------- c:\programme\Sophos 2009-03-22 11:22 . 2009-03-22 11:31 <DIR> d-------- c:\programme\Blacklight 2009-03-20 21:33 . 2009-03-23 21:02 <DIR> d-------- c:\programme\Lavasoft 2009-03-20 21:33 . 2009-03-23 21:02 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft 2009-03-20 20:02 . 2009-03-20 20:02 17 --a------ C:\stinger10000482.opt 2009-03-20 19:24 . 
2009-03-20 19:24 2,639,879 --a------ C:\stinger10000482.exe 2009-03-20 18:49 . 2009-03-20 18:49 <DIR> d-------- c:\dokumente und einstellungen\Tanja\Anwendungsdaten\Bitdefender 2009-03-20 14:46 . 2009-03-20 14:46 74 --a------ c:\windows\lsoon.ini 2009-03-20 14:16 . 2009-03-20 15:17 <DIR> d-------- c:\dokumente und einstellungen\Marcus\Anwendungsdaten\Regrun 2009-03-20 14:16 . 2009-03-20 14:46 <DIR> d-------- C:\backreg 2009-03-20 14:16 . 2009-03-20 14:16 (2) -rahs-ot- c:\windows\winstart.bat 2009-03-20 14:15 . 2009-03-20 14:15 <DIR> d-------- c:\programme\Greatis 2009-03-20 14:15 . 2003-09-06 15:55 57,556 --a------ c:\windows\guard.bmp 2009-03-20 00:09 . 2009-03-23 21:29 <DIR> d-------- c:\programme\SUPERAntiSpyware 2009-03-20 00:09 . 2009-03-23 21:29 <DIR> d-------- c:\dokumente und einstellungen\Marcus\Anwendungsdaten\SUPERAntiSpyware.com 2009-03-20 00:09 . 2009-03-20 00:09 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com 2009-03-19 18:00 . 2009-03-23 21:29 <DIR> d-a------ c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP 2009-03-19 18:00 . 2009-03-23 21:29 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools 2009-03-19 17:48 . 2009-03-19 17:48 <DIR> d-------- C:\VundoFix Backups 2009-03-19 17:29 . 2009-03-19 17:29 580,096 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-03-19 17:27 . 2009-03-19 17:27 <DIR> d-------- c:\windows\ERUNT 2009-03-19 17:22 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix 2009-03-19 15:41 . 2009-03-19 15:41 <DIR> d-------- c:\programme\Malwarebytes' Anti-Malware 2009-03-19 15:41 . 2009-03-19 15:41 <DIR> d-------- c:\dokumente und einstellungen\Marcus\Anwendungsdaten\Malwarebytes 2009-03-19 15:41 . 2009-03-19 15:41 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-03-19 15:41 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-19 15:41 . 
2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-19 15:10 . 2009-03-19 15:10 <DIR> d-------- c:\programme\Safer Networking 2009-03-18 16:32 . 2009-03-18 16:32 <DIR> d-------- c:\dokumente und einstellungen\Marcus\Anwendungsdaten\Bitdefender 2009-03-18 16:31 . 2009-03-22 22:00 <DIR> d-------- c:\programme\Gemeinsame Dateien\BitDefender 2009-03-18 16:31 . 2009-03-18 16:31 <DIR> d-------- c:\programme\BitDefender 2009-03-18 16:31 . 2009-03-18 16:32 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\BitDefender 2009-03-18 16:18 . 2009-03-18 16:18 <DIR> d-------- c:\programme\Trend Micro 2009-03-18 16:03 . 2009-03-18 16:03 <DIR> d-------- c:\dokumente und einstellungen\Marcus\Anwendungsdaten\QuickScan 2009-03-18 14:21 . 2009-03-18 15:16 <DIR> d-------- c:\windows\BDOSCAN8 2009-03-17 22:43 . 2009-03-18 15:53 <DIR> d-------- c:\windows\SxsCaPendDel 2009-03-17 20:55 . 2008-01-05 20:52 <DIR> d--h----- c:\dokumente und einstellungen\Administrator\Vorlagen 2009-03-17 20:55 . 2008-01-05 20:45 <DIR> dr------- c:\dokumente und einstellungen\Administrator\Startmenü 2009-03-17 20:55 . 2008-01-05 20:45 <DIR> d--h----- c:\dokumente und einstellungen\Administrator\Netzwerkumgebung 2009-03-17 20:55 . 2009-03-23 22:41 <DIR> d--h----- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen 2009-03-17 20:55 . 2008-01-05 20:45 <DIR> d-------- c:\dokumente und einstellungen\Administrator\Favoriten 2009-03-17 20:55 . 2008-01-05 20:45 <DIR> d--h----- c:\dokumente und einstellungen\Administrator\Druckumgebung 2009-03-17 20:55 . 2008-01-05 20:45 <DIR> dr-h----- c:\dokumente und einstellungen\Administrator\Anwendungsdaten 2009-03-17 20:55 . 2009-03-17 20:55 <DIR> d-------- c:\dokumente und einstellungen\Administrator 2009-03-17 20:43 . 2009-03-17 20:43 <DIR> d-------- c:\windows\system32\Kaspersky Lab 2009-03-16 20:53 . 2009-03-22 21:48 <DIR> d--h----- c:\dokumente und einstellungen\Marcus\Netzwerkumgebung 2009-03-14 19:24 . 
2009-03-14 19:24 <DIR> d-------- c:\dokumente und einstellungen\Marcus\Anwendungsdaten\The Creative Assembly 2009-03-14 19:24 . 2009-01-27 13:31 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll 2009-03-12 17:43 . 2009-03-12 17:43 <DIR> d-------- C:\NVIDIA 2009-03-10 17:49 . 2009-03-16 20:23 1,080 --a------ c:\windows\system32\settingsbkup.sfm 2009-03-10 17:49 . 2009-03-16 20:23 1,080 --a------ c:\windows\system32\settings.sfm 2009-03-10 02:51 . 2009-03-24 22:02 54,760 --a------ c:\windows\system32\BMXState-{00000001-00000000-00000001-00001102-00000005-00291102}.rfx 2009-03-10 02:51 . 2009-03-24 22:02 788 --a------ c:\windows\system32\DVCState-{00000001-00000000-00000001-00001102-00000005-00291102}.rfx 2009-03-10 02:47 . 2006-05-24 04:49 44,567 -ra------ c:\windows\system32\SET17E.tmp 2009-03-10 01:56 . 2008-02-04 10:27 102,400 --a------ c:\windows\system32\cttele32.dll 2009-03-10 01:22 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd 2009-03-10 01:08 . 2009-03-10 01:08 <DIR> d-------- c:\programme\Gemeinsame Dateien\Creative Labs Shared 2009-03-10 00:41 . 2009-03-24 22:02 54,760 --a------ c:\windows\system32\BMXStateBkp-{00000001-00000000-00000001-00001102-00000005-00291102}.rfx 2009-03-10 00:40 . 1999-10-10 18:00 41,984 --------- c:\windows\Ctregrun.exe 2009-03-10 00:39 . 2000-05-11 01:00 90,112 --------- c:\windows\Updreg.EXE 2009-03-10 00:38 . 2005-02-07 17:45 3,128 --a------ c:\windows\system32\XFi.bmp 2009-03-10 00:38 . 2005-02-07 17:45 766 --a------ c:\windows\system32\SBXFi.ico 2009-03-10 00:35 . 2009-03-10 02:00 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Creative 2009-03-10 00:35 . 2000-12-13 11:21 7,572,224 --------- c:\windows\system32\CT8MGM.SF2 2009-03-10 00:35 . 2000-12-05 02:11 4,174,814 --------- c:\windows\system32\CT4MGM.SF2 2009-03-10 00:35 . 1999-09-22 23:18 2,167,684 --a------ c:\windows\system32\CT2MGM.SF2 2009-03-10 00:16 . 2009-03-10 00:16 29 --a------ c:\windows\sfbm.INI 2009-03-10 00:13 . 
2009-03-10 00:13 <DIR> d-------- c:\programme\Driver Cleaner Pro 2009-03-09 23:30 . 2008-10-07 23:44 11,776 --a------ c:\windows\INRES.DLL 2009-03-09 23:26 . 2008-10-07 23:26 108,544 --a------ c:\windows\system32\sfms32.dll 2009-03-09 23:26 . 2008-10-07 23:42 48,640 --a------ c:\windows\system32\ac3api.dll 2009-03-09 23:21 . 2009-03-10 00:45 152 --a------ c:\windows\CoolPlay.ini 2009-03-08 17:40 . 2009-03-08 17:40 940,794 --a------ c:\windows\system32\LoopyMusic.wav 2009-03-08 17:40 . 2009-03-08 17:40 146,650 --a------ c:\windows\system32\BuzzingBee.wav 2009-03-08 17:39 . 2009-03-08 17:39 <DIR> d-------- c:\windows\system32\Lang 2009-03-08 17:37 . 2009-02-09 14:34 35,840 --a------ c:\windows\system32\RtkCoInstXP.dll 2009-03-07 21:43 . 2009-03-11 22:45 <DIR> d-------- c:\dokumente und einstellungen\Marcus\Anwendungsdaten\nView_Wallpaper 2009-03-07 21:12 . 2009-03-14 22:24 8 --a------ c:\windows\system32\nvModes.dat 2009-03-07 21:04 . 2009-03-07 21:37 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\nView_Profiles 2009-03-02 13:54 . 2009-03-02 14:08 118 --a-s---- c:\windows\system32\2620626525.dat 2009-02-26 15:04 . 2009-03-17 13:39 32 --a-s---- c:\windows\system32\22542376.dat 2009-02-25 19:39 . 2009-02-25 19:39 <DIR> d-------- c:\programme\Medieval Software 2009-02-25 17:58 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll 2009-02-25 17:58 . 2008-07-12 08:18 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll 2009-02-25 17:58 . 2008-07-31 10:40 509,448 --a------ c:\windows\system32\XAudio2_2.dll 2009-02-25 17:58 . 2008-07-12 08:18 467,984 --a------ c:\windows\system32\d3dx10_39.dll 2009-02-25 17:58 . 2008-07-31 10:41 238,088 --a------ c:\windows\system32\xactengine3_2.dll 2009-02-25 17:58 . 2008-07-31 10:41 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll 2009-02-25 17:13 . 2009-03-11 23:32 69 --a------ c:\windows\NeroDigital.ini 2009-02-25 16:59 . 
2009-02-25 16:59 <DIR> d-------- c:\dokumente und einstellungen\NeroMediaHomeUser.4\Anwendungsdaten\Nero 2009-02-25 16:54 . 2008-01-05 20:52 <DIR> d--h----- c:\dokumente und einstellungen\NeroMediaHomeUser.4\Vorlagen 2009-02-25 16:54 . 2008-01-05 20:45 <DIR> dr------- c:\dokumente und einstellungen\NeroMediaHomeUser.4\Startmenü 2009-02-25 16:54 . 2008-01-05 20:45 <DIR> d--h----- c:\dokumente und einstellungen\NeroMediaHomeUser.4\Netzwerkumgebung 2009-02-25 16:54 . 2009-03-23 22:41 <DIR> d--h----- c:\dokumente und einstellungen\NeroMediaHomeUser.4\Lokale Einstellungen 2009-02-25 16:54 . 2008-01-05 20:45 <DIR> d-------- c:\dokumente und einstellungen\NeroMediaHomeUser.4\Favoriten 2009-02-25 16:54 . 2008-01-05 20:45 <DIR> d--h----- c:\dokumente und einstellungen\NeroMediaHomeUser.4\Druckumgebung 2009-02-25 16:54 . 2009-02-25 16:59 <DIR> dr-h----- c:\dokumente und einstellungen\NeroMediaHomeUser.4\Anwendungsdaten 2009-02-25 16:54 . 2009-02-25 16:54 <DIR> d-------- c:\dokumente und einstellungen\NeroMediaHomeUser.4 2009-02-25 16:41 . 2009-02-25 17:10 <DIR> d-------- c:\dokumente und einstellungen\Marcus\Anwendungsdaten\Nero 2009-02-25 16:29 . 2009-02-25 16:29 4,767 --a------ c:\windows\Irremote.ini 2009-02-25 16:27 . 2009-02-25 16:27 <DIR> d-------- c:\programme\Windows Sidebar 2009-02-25 16:10 . 2009-02-25 16:46 <DIR> d-------- c:\programme\Gemeinsame Dateien\Nero . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-03-23 20:43 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2009-03-23 20:29 --------- d-----w c:\programme\Gemeinsame Dateien\Wise Installation Wizard 2009-03-23 20:22 --------- d-----w c:\programme\Java 2009-03-23 20:17 --------- d-----w c:\programme\Gemeinsame Dateien\Adobe 2009-03-18 15:51 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help 2009-03-18 14:53 --------- d-----w c:\programme\Spybot - Search & Destroy 2009-03-18 14:18 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan 2009-03-17 22:17 --------- d-----w c:\programme\CCleaner 2009-03-17 20:45 --------- d-----w c:\programme\Windows Installer Clean Up 2009-03-10 18:47 --------- d-----w c:\programme\Security Task Manager 2009-03-10 01:46 --------- d--h--w c:\programme\InstallShield Installation Information 2009-03-10 00:51 --------- d-----w c:\programme\Creative 2009-03-09 23:24 --------- d-----w c:\programme\ATI Technologies 2009-03-09 23:24 --------- d-----w c:\dokumente und einstellungen\Marcus\Anwendungsdaten\ATI 2009-03-09 22:26 --------- d-----w c:\dokumente und einstellungen\Marcus\Anwendungsdaten\Creative 2009-03-09 21:23 --------- d-----w c:\programme\TuneUp Utilities 2008 2009-02-25 15:59 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Nero 2009-02-25 15:54 --------- d-----w c:\programme\Nero 2009-02-21 13:14 --------- d-----w c:\programme\AGEIA Technologies 2009-02-18 13:44 6,308,224 ----a-w c:\windows\system32\drivers\nv4_mini.sys 2009-02-16 17:12 --------- d-----w c:\dokumente und einstellungen\Tanja\Anwendungsdaten\MSN6 2009-02-06 18:53 --------- d-----w c:\programme\Gemeinsame Dateien\DirectX 2008-05-01 18:06 22,328 ----a-w c:\dokumente und einstellungen\Marcus\Anwendungsdaten\PnkBstrK.sys 2008-03-13 14:43 8 ----a-w c:\dokumente und einstellungen\Marcus\CH-Trainer-Keys.dat 1998-09-25 11:16 270,848 ----a-w c:\programme\UNWISE.EXE 
2008-10-30 16:34 39,424 ----a-w c:\programme\mozilla firefox\components\FFComm.dll 2008-08-27 19:11 61 --sh--w c:\windows\cnerolf.bin 2008-08-30 12:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008083020080831\index.dat . ------- Sigcheck ------- 2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys 2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys 2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys 2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys 2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys 2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys 2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys 2008-04-13 23:50 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys 2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys 2008-04-13 23:50 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\ServicePackFiles\i386\tcpip.sys 2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\tcpip.sys 2008-06-20 12:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\dllcache\tcpip.sys 2008-06-20 12:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( SnapShot@2009-03-23_22.26.45.18 ))))))))))))))))))))))))))))))))))))))))) . 
- 2009-03-23 21:12:46 81,984 ----a-w c:\windows\system32\bdod.bin + 2009-03-24 21:02:54 81,984 ----a-w c:\windows\system32\bdod.bin - 2009-03-20 20:02:41 1,984 ----a-w c:\windows\system32\d3d9caps.dat + 2009-03-24 21:07:16 1,984 ----a-w c:\windows\system32\d3d9caps.dat . |
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640] "nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe] "CTxfiHlp"="CTXFIHLP.EXE" [2008-10-07 c:\windows\system32\Ctxfihlp.exe] "CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 561213] Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2008-07-13 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 01:42 72208 c:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ASUS WiFi-AP Solo.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ASUS WiFi-AP Solo.lnk backup=c:\windows\pss\ASUS WiFi-AP 
Solo.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Sonic CinePlayer Quick Launch.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Sonic CinePlayer Quick Launch.lnk backup=c:\windows\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2009-02-27 17:10 35696 c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent] --a------ 2008-09-04 19:11 368640 c:\programme\BitDefender\BitDefender 2008\bdagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper] --a------ 2007-10-09 15:46 61440 c:\programme\BitDefender\BitDefender 2008\IEShow.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-02-16 15:15 221184 c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-02-16 15:15 81920 c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] --a------ 2009-02-11 10:19 399504 c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] ---hs---- 2008-04-14 06:52 1695232 c:\programme\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4] --a------ 2008-12-12 16:12 4584744 c:\programme\Nero\Nero MediaHome 4\NeroMediaHome.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller] --a------ 2008-02-27 01:20 58656 c:\programme\Nuance\PDF Professional 5\RegistryController.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\PDFHook] --a------ 2008-02-27 01:21 795936 c:\programme\Nuance\PDF Professional 5\PdfPro5Hook.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-09-06 14:09 413696 c:\programme\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC] --a------ 2008-12-13 15:33 306088 c:\programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] --a------ 2007-03-26 07:43 210472 c:\programme\Gemeinsame Dateien\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2009-03-23 21:22 148888 c:\programme\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-02-24 17:45 185896 c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel] --------- 2008-08-06 16:31 233576 c:\programme\Creative\Volume Panel\VolPanlu.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "PnkBstrB"=3 (0x3) "PnkBstrA"=3 (0x3) "Nero BackItUp Scheduler 3"=2 (0x2) "MsSecurity1.209.4"=2 (0x2) "scan"=3 (0x3) "TuneUp.Defrag"=3 (0x3) "PDFProFiltSrv"=3 (0x3) "O&O Defrag"=3 (0x3) "NeroMediaHomeService.4"=3 (0x3) "Nero BackItUp Scheduler 4.0"=3 (0x3) "JavaQuickStarterService"=2 (0x2) "IDriverT"=3 (0x3) "FLEXnet Licensing Service"=3 (0x3) "Creative Audio Engine Licensing Service"=3 (0x3) "Bonjour Service"=3 (0x3) "VSSERV"=2 (0x2) "LIVESRV"=2 (0x2) "XCOMM"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe "SpybotSD TeaTimer"=c:\programme\Spybot - Search & Destroy\TeaTimer.exe "H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\wcescomm.exe" 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "CTxfiHlp"=CTXFIHLP.EXE "CTHelper"=CTHELPER.EXE "issch"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start "ISUSPM"=c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup "System"=explorer.exe "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programme\\Messenger\\msmsgs.exe"= "d:\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"= "d:\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"= "d:\\AC\\AssassinsCreed_Dx9.exe"= "d:\\AC\\AssassinsCreed_Dx10.exe"= "d:\\AC\\AssassinsCreed_Launcher.exe"= "d:\\RainbowSix_Vegas 2\\Binaries\\R6Vegas2_Game.exe"= "d:\\RainbowSix_Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"= "d:\\Grid\\GRID.exe"= "d:\\Mass Effect\\Binaries\\MassEffect.exe"= "d:\\Mass Effect\\MassEffectLauncher.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "e:\\Call of Duty - World at War\\CoDWaWmp.exe"= "e:\\Call of Duty - World at War\\CoDWaW.exe"= "c:\\Programme\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "e:\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"= "c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "d:\\MirrorsEdge\\Binaries\\MirrorsEdge.exe"= "d:\\Tom Clancy's EndWar\\Binaries\\EndWar.exe"= "d:\\Tom Clancy's 
EndWar\\Tom Clancy's EndWar Launcher.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-01-23 501560] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-06-02 86792] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-08 1324056] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-08 72728] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?] 
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352] S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352] S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032] S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032] S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032] S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888] S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888] S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-08 1324056] S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-08 72728] S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296] S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-02-04 13352] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-03-19 15504] S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?] S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?] S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-01-06 176128] S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2008-01-06 13532] S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?] 
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe [2009-03-10 79360] S4 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [2009-03-19 179856] S4 NeroMediaHomeService.4;Nero MediaHome 4 Service;c:\programme\Nero\Nero MediaHome 4\NMMediaServerService.exe [2008-12-12 476456] S4 PDFProFiltSrv;PDFProFiltSrv;c:\programme\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2008-02-27 144672] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 bdx REG_MULTI_SZ scan HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K] \Shell\AutoRun\command - k:\ctrun\Start.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L] \Shell\AutoRun\command - L:\Autorun.exe . Inhalt des "geplante Tasks" Ordners 2008-12-21 c:\windows\Tasks\1-Klick-Wartung.job - c:\programme\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-11 11:54] 2009-03-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = about:blank uInternet Settings,ProxyOverride = *.local IE: An vorhandene PDF-Datei anhängen - c:\programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Mit Nuance PDF Converter 5.0 öffnen - c:\programme\Nuance\PDF Professional 5\cnvres_ger.dll /100 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: PDF-Datei aus Linkinhalt erstellen - c:\programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-Datei erstellen - c:\programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab FF - ProfilePath - c:\dokumente und einstellungen\Marcus\Anwendungsdaten\Mozilla\Firefox\Profiles\tq7bhggu.default\ FF - prefs.js: browser.startup.homepage - www.google.at FF - component: c:\programme\Mozilla Firefox\components\FFComm.dll ---- FIREFOX Richtlinien ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 200000 FF - user.js: content.notify.interval - 100000 FF - user.js: content.switch.threshold - 650000 FF - user.js: nglayout.initialpaint.delay - 300 . 
************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-24 22:14:56 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-1409082233-2052111302-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:4b,f2,ac,4d,df,7e,55,5c,2c,f5,ba,4e,81,22,f6,97,09,4e,ba,28,5e, 65,5a,28,42,e2,21,f2,c4,07,20,9f,c8,ad,ee,b9,77,a3,0c,a1,d8,ff,c3,80,3b,a1,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG11.00.00.01WORKSTATION"=
. --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(1000) c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTServ.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe c:\programme\Creative\Shared Files\CTAudSvc.exe c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\rundll32.exe c:\progra~1\MI3AA1~1\rapimgr.exe c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE c:\programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2009-03-24 22:17:06 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2009-03-24 21:17:03 ComboFix2.txt 2009-03-23 21:41:30 ComboFix3.txt 2009-03-23 21:28:16 Vor Suchlauf: 16 Verzeichnis(se), 11.777.351.680 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 11,755,679,744 Bytes frei 423 --- E O F --- 2009-03-17 15:20:10
How does my system look now? :juul: Thanks! |
So far, actually quite good. :) I was asleep at one point. Will you promise me never to re-enable the following service via MSConfig: MsSecurity1.209.4 Or should we rather delete it as well? :p
In any case, we can already start with the cleanup:
Uninstalling Combofix: click Start -> Run -> type combofix /U http://img247.imageshack.us/img247/7...ombofixvs6.jpg
This removes Combofix and all the other programs. You can also uninstall the remaining programs you used. I would recommend using only one anti-spyware scanner alongside Bitdefender and the firewall, for example SASW or Malwarebytes, and uninstalling everything else. That protects your system sufficiently.
After that, please post a new log from RSIT. Best regards, myrtille |
hallo :( ich hoffe es macht nichts das ich in diesen thread hier reinposte aber... ich bin froh das ich den hier wenigstens gefunden habe, ich bin total am ende mit meinen nerven, ich habe das selbe problem wie der andere user hier, ich sitze jetzt seit knapp 20:00 am pc, hat bei mir auch angefangen das ich ihn vorhin gestartet habe und mein kaspersky(2009) wollte net an gehen, hab direkt gemerkt das irgendwas net stimmt :/ hab versucht hjthis zu starten, aber das will auch nicht angehen, habs dann mit spybot s&d versucht, was ging und mir dann hupigon13 und den win32.delf.uv angezeigt hat, konnte die dann auch entfernen lassen, danach hat direkt kaspersky gestartet, hjthis leider immernoch nicht, hatte dann nen reboot und wieder das selbe problem kaspersky ging nicht, also wieder spybot habs entfernt, dann mit kaspersky nen fullscan, hab knapp 600gb daten, hat dann also knapp 2 stunden gedauert, und hat sogut wie nix gefunden, wollte dann ins netz, hab firefox gestartet, auf einmal hat kaspesky alarm geschlagen das eine gewisse dit(keine ahnung mehr...).dll(ist aber im system32 ordner) bösartige software ausm netz ziehen will, naja jedenfalls hat kaspersky die datei dann desinfiziert und dann regebootet mein system blieb jedoch nach der windows anmeldung hängen, also maus ging noch und alles, aber hab nach knapp 10min geduld verloren und den power knopf betätigt, dann wieder neugestartet, ohne inet kabel am rechner, und naja wieder alles beim gleichen, und nach langer suche bin ich jetzt hier gelandet, hab mich nen bisl durchgelesen, also da hjthis nicht funzt, hab ich mir mal combo fix und malwarebytes geladen, an combo fix trau ich mich lieber noch net ran, hab hier aber schon mal nen malwarebytes log für dich/euch, wäre auf jeden fall sau dankbar wenn ihr mir helfen könntet, weil ich kann unter keinem umständen mein system neu aufsetzen, wüsste auch garnet wohin mit den ganzen daten, externe platte ist voll usw, bin hier echt am verzweifeln!, naja ... 
I'm off to sleep now :/ The log follows at the end; thanks in advance for any help. Regards

Malwarebytes' Anti-Malware 1.34
Datenbank Version: 1893
Windows 5.1.2600 Service Pack 2
25.03.2009 03:22:00
mbam-log-2009-03-25 (03-21-56).txt
Scan-Methode: Quick-Scan
Durchsuchte Objekte: 70168
Laufzeit: 6 minute(s), 58 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 50
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\WINDOWS\system32\drivers\ojpdriahgkvw.sys (Backdoor.Rustock) -> No action taken.

(I ticked the boxes for removal and removed everything.) Thanks. |
Please open a thread of your own. If you can't run HijackThis, try renaming the file. If that doesn't work either, please run RSIT:
Regards, myrtille |
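Why renaming can help: Image File Execution Options subkeys are matched by executable file name, so a tool started under a different name is not covered by an entry created for its original name. As an added example (not part of the thread and not Malwarebytes' own code), the Python script below triages a Malwarebytes log in the layout quoted above: it lists the executables named by Image File Execution Options detections, the entries still marked "No action taken", and flagged driver files. The sample lines are constructed, with placeholder executable, driver and detection names, and the "Quarantined ..." action wording is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the log quoted in the thread.
# Executable, driver and "Backdoor.Example" names are placeholders; the
# "Quarantined ..." action wording is an assumption for illustration.
SAMPLE_LOG = r"""
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\examplescanner.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ExampleLogTool.exe (Security.Hijack) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\WINDOWS\system32\drivers\exampledrv.sys (Backdoor.Example) -> No action taken.
"""

IFEO_MARKER = "\\image file execution options\\"
# <object> (<Detection.Name>) -> <rest>; the object path may itself contain "(".
DETAIL = re.compile(r"^(?P<obj>.+?) \((?P<det>[^()]+)\) -> (?P<rest>.+)$")


@dataclass
class Finding:
    section: str    # detail heading the entry was listed under
    obj: str        # registry key, registry value or file path
    detection: str  # scanner's detection name
    action: str     # last "-> ..." segment of the line


def parse_log(text):
    """Return the detail entries of a log; summary and empty lines are skipped."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        match = DETAIL.match(line)
        if match:
            # "Bad: (..) Good: (..) -> action" lines carry the action last.
            action = match["rest"].split(" -> ")[-1].strip()
            findings.append(Finding(section, match["obj"], match["det"], action))
        elif line.endswith(":"):
            section = line[:-1]
    return findings


def ifeo_targets(findings):
    """Executable names that have a flagged Image File Execution Options key.

    The log reports the key only; what the key contains (for instance a
    Debugger value) has to be checked in the registry itself.
    """
    names = set()
    for f in findings:
        key = f.obj.lower()
        if IFEO_MARKER in key:
            names.add(key.rsplit("\\", 1)[-1])
    return sorted(names)


def unremediated(findings):
    """Entries the scanner reported but did not change."""
    return [f for f in findings if f.action.lower().startswith("no action taken")]


def driver_files(findings):
    """Flagged .sys files in a drivers directory (kernel-mode components)."""
    return [f.obj for f in findings
            if f.obj.lower().endswith(".sys") and "\\drivers\\" in f.obj.lower()]


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print("IFEO targets:       ", ifeo_targets(found))
    print("Still IFEO-flagged: ", ifeo_targets(unremediated(found)))
    print("Flagged drivers:    ", driver_files(found))
    for f in unremediated(found):
        print(f"OPEN  [{f.section}] {f.detection}: {f.obj}")
```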
Hi, if you also tell me which service that actually is, then I'll disable it too? Security Center? I have uninstalled all programs except Spybot and Malwarebytes'; do you think these two programs affect each other negatively? What other tips do you have for avoiding a new infection? (Yes, I know, rethink usage habits etc., but maybe you have a few other practical tips.) Many thanks, you are really great here in this forum!

Logfile of random's system information tool 1.06 (written by random/random)
Run by Marcus at 2009-03-25 23:12:09
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (23%) free of 50 GB
Total RAM: 3071 MB (85% free)
C:\WINDOWS\system32\dllcache 2009-03-22 20:54:22 ----SD---- C:\WINDOWS\Tasks 2009-03-22 11:16:38 ----SHD---- C:\WINDOWS\CSC 2009-03-20 21:56:00 ----D---- C:\WINDOWS\Transcend JetFlash Recovery Tool 2009-03-20 21:56:00 ----D---- C:\WINDOWS\Left 4 Dead 2009-03-20 21:33:29 ----D---- C:\WINDOWS\WinSxS 2009-03-20 21:20:40 ----D---- C:\WINDOWS\security 2009-03-20 21:07:24 ----HD---- C:\WINDOWS\system32\GroupPolicy 2009-03-18 16:51:17 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2009-03-18 15:53:36 ----D---- C:\Programme\Spybot - Search & Destroy 2009-03-18 15:18:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan 2009-03-18 14:21:50 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-03-18 13:50:45 ----D---- C:\WINDOWS\Minidump 2009-03-18 13:50:45 ----D---- C:\WINDOWS\Debug 2009-03-17 23:17:57 ----D---- C:\Programme\CCleaner 2009-03-17 21:45:58 ----D---- C:\Programme\Windows Installer Clean Up 2009-03-17 20:55:08 ----D---- C:\Dokumente und Einstellungen 2009-03-12 22:38:26 ----D---- C:\WINDOWS\nview 2009-03-12 22:36:18 ----D---- C:\WINDOWS\Help 2009-03-12 22:36:05 ----D---- C:\WINDOWS\system32\ReinstallBackups 2009-03-12 16:30:48 ----D---- C:\Programme\Windows Media Player 2009-03-11 23:32:43 ----A---- C:\WINDOWS\NeroDigital.ini 2009-03-11 15:59:18 ----D---- C:\WINDOWS\system32\CatRoot 2009-03-11 15:57:25 ----HD---- C:\WINDOWS\$hf_mig$ 2009-03-10 19:47:27 ----D---- C:\Programme\Security Task Manager 2009-03-10 02:49:15 ----A---- C:\WINDOWS\system32\wrap_oal.dll 2009-03-10 02:49:15 ----A---- C:\WINDOWS\system32\OpenAL32.dll 2009-03-10 02:49:08 ----D---- C:\WINDOWS\system32\Data 2009-03-10 02:46:21 ----HD---- C:\Programme\InstallShield Installation Information 2009-03-10 01:53:13 ----A---- C:\WINDOWS\sbwin.ini 2009-03-10 01:51:32 ----D---- C:\Programme\Creative 2009-03-10 00:38:08 ----D---- C:\WINDOWS\system 2009-03-10 00:24:09 ----D---- C:\Programme\ATI Technologies 2009-03-10 00:24:02 ----D---- 
C:\Dokumente und Einstellungen\Marcus\Anwendungsdaten\ATI 2009-03-09 23:26:15 ----D---- C:\Dokumente und Einstellungen\Marcus\Anwendungsdaten\Creative 2009-03-09 22:23:18 ----D---- C:\Programme\TuneUp Utilities 2008 2009-03-09 22:23:13 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe 2009-03-08 17:25:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 bdftdif;bdftdif; \??\C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Firewall\bdftdif.sys [] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720] R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys [] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-01-20 278728] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-01-20 25416] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-06-02 86792] R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-01-07 196368] R3 BDSelfPr;BDSelfPr; \??\C:\Programme\BitDefender\BitDefender 2008\bdselfpr.sys [] R3 btaudio;Bluetooth-Audiogerät; C:\WINDOWS\system32\drivers\btaudio.sys [2006-12-04 329901] R3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-12-04 30459] R3 BTKRNL;Bluetooth-Bus-Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-12-04 863402] R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-12-04 47907] R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-12-04 67672] R3 CT20XUT.SYS;CT20XUT.SYS; C:\WINDOWS\System32\drivers\CT20XUT.SYS [2008-10-08 171032] R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2008-10-08 511000] R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys 
[2008-10-08 526232] R3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:\WINDOWS\System32\drivers\CTEXFIFX.SYS [2008-10-08 1324056] R3 CTHWIUT.SYS;CTHWIUT.SYS; C:\WINDOWS\System32\drivers\CTHWIUT.SYS [2008-10-08 72728] R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2008-10-08 14360] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2008-10-08 158744] R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2008-10-08 95768] R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-10-08 1177624] R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2007-07-16 17432] R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344] R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-02-18 6308224] R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2008-10-08 130072] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; 
C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2008-01-24 19336] R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2008-01-24 28168] R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2008-01-24 48904] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-05-23 245248] S1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064] S3 aq4a2npw;aq4a2npw; C:\WINDOWS\system32\drivers\aq4a2npw.sys [] S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] S3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2008-06-27 99352] S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-06-27 99352] S3 CT20XUT;CT20XUT; C:\WINDOWS\system32\drivers\CT20XUT.SYS [2008-10-08 171032] S3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2008-06-27 555032] S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-06-27 555032] S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2008-10-08 347080] S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2008-06-27 100888] S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-06-27 100888] S3 CTEXFIFX;CTEXFIFX; C:\WINDOWS\system32\drivers\CTEXFIFX.SYS [2008-10-08 1324056] S3 CTHWIUT;CTHWIUT; C:\WINDOWS\system32\drivers\CTHWIUT.SYS [2008-10-08 72728] S3 CTSBLFX.SYS;CTSBLFX.SYS; 
C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2008-06-27 566296] S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-06-27 566296] S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State; C:\WINDOWS\System32\Drivers\frmupgr.sys [2007-01-03 27536] S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [] S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-02-04 13352] S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-02-04 20520] S3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [] S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [] S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] S3 Partizan;Partizan; C:\WINDOWS\system32\drivers\Partizan.sys [] S3 pctplsg;pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys [] S3 Profos;Profos; \??\C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\profos.sys [] S3 RivaTuner32;RivaTuner32; \??\C:\Programme\RivaTuner v2.20\RivaTuner32.sys [] S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-09-05 176128] S3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] 
S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys [] S3 Trufos;Trufos; \??\C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\trufos.sys [] S3 usb_rndisx;USB-RNDIS-Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672] S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2008-01-24 14728] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 btwdins;Bluetooth Service; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-11-29 266295] R2 CTAudSvcService;Creative Audio Service; C:\Programme\Creative\Shared Files\CTAudSvc.exe [2008-10-31 307200] R2 LBTServ;Logitech Bluetooth Service; C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360] R2 LIVESRV;BitDefender Desktop Update Service; C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe [2008-11-18 1179648] R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872] R2 Net Driver HPZ12;Net Driver HPZ12; 
C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-02-18 163908] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 VSSERV;BitDefender Virus Shield; C:\Programme\BitDefender\BitDefender 2008\vsserv.exe [2008-08-29 1261568] R2 XCOMM;BitDefender Communicator; C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe [2007-11-27 86016] R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-08-29 238888] S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe [2009-03-10 79360] S4 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe 
[2006-03-01 69632] S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-02 654848] S4 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S4 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-23 152984] S4 MBAMService;MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [2009-02-11 179856] S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208] S4 NeroMediaHomeService.4;Nero MediaHome 4 Service; C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe [2008-12-12 476456] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] S4 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [] S4 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-09-04 1295616] S4 PDFProFiltSrv;PDFProFiltSrv; C:\Programme\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2008-02-27 144672] S4 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-03-09 355584] S4 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] -----------------EOF----------------- |
info.txt logfile of random's system information tool 1.06 2009-03-25 23:12:11 ======Uninstall list======
/I{1545207E-C6F3-31D7-9918-BDBB65075FBF} Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40} Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Flight Simulator X Service Pack 1-->C:\WINDOWS\system32\msiexec.exe /qb /l*vx "%TEMP%\FlightSimPatchUninstall.log" /uninstall {7FB5887E-FA27-4CDC-BBA4-146487E789FA} /package {F535B2CF-C9BB-4162-B03A-02D6971F32CC} Microsoft Flight Simulator X Service Pack 2-->MsiExec.exe /X{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A} Microsoft Flight Simulator X-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F535B2CF-C9BB-4162-B03A-02D6971F32CC} Microsoft Flight Simulator X-->MsiExec.exe /X{F535B2CF-C9BB-4162-B03A-02D6971F32CC} Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F} Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1} Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE} 
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE} Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE} Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE} Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE} Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE} Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE} Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE} Microsoft Train Simulator-->"D:\Microsoft Games\Train Simulator\UNINSTAL.EXE" /runtemp /addremove Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8} Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988} MKVtoolnix 2.2.0-->C:\Programme\MKVtoolnix\uninst.exe Mozilla Firefox (3.0.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 
(KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08} MyMicroBalance-->MsiExec.exe /I{8DE52585-128B-4C71-9AC7-224DB87490D8} MyTraffic X Version 5.1b-->E:\Microsoft Flight Simulator X\MyTrafficX_uninstall.exe Nero MediaHome 4-->C:\Programme\Gemeinsame Dateien\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M06-00A0-96M6-UT8U-CXA3-30Z4-WUEX-9C6E" neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NewsLeecher v3.9 Final-->"C:\Programme\NewsLeecher\unins000.exe" Nuance PDF Professional 5-->MsiExec.exe /I{76314E3E-BD04-47AF-9765-9FA798FC5B01} |
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF} O&O Defrag Professional Edition-->MsiExec.exe /I{E6CB18CD-04EF-4C6A-A5F3-5F49E7332895} OpenAL-->"C:\Programme\OpenAL\OALInst.exe" /U PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall ProtectDisc Driver, Version 11-->C:\Programme\ProtectDisc Driver Installer\uninstall_v11.exe QuickPar 0.9-->C:\Programme\QuickPar\uninst.exe QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB} RAR Password Recovery v1.1 RC17 (remove only)-->C:\Programme\Intelore\RAR Password Recovery\uninstall.exe ratDVD 0.78.1444-->C:\Programme\ratDVD\uninst.exe RCT3 Soaked-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\setup.exe" -l0x7 RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 RivaTuner v2.20-->"C:\Programme\RivaTuner v2.20\uninstall.exe" Rockstar Games Social Club-->"C:\Programme\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0007 -removeonly RollerCoaster Tycoon 3-->"D:\RC3\uninst\unins000.exe" R-Studio 4.2-->C:\Programme\R-Studio\Uninstall.exe RTL Winter Sports 2008-->"D:\RTL Winter Sports 2008\Uninstall.exe" RunAlyzer-->"C:\Programme\Safer Networking\RunAlyzer\unins000.exe" S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]-->"D:\S.T.A.L.K.E.R. 
- Shadow of Chernobyl\unins000.exe" Security Task Manager 1.7g-->C:\Programme\Security Task Manager\Uninstal.exe "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager" Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2} Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B} Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4} Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77} Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC} Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C} Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall 
{6BAD036C-261F-4BEF-96CF-C20678D07A41} Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP 
(KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP 
(KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Sins of a Solar Empire Demo-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{DCCC02D4-0037-45EA-827D-DF603145C5BB}\Setup.exe" REMOVE=TRUE MODIFY=FALSE Ski Park Manager 2003-->"D:\Ski Park Manager 2003\unins000.exe" SopCast 3.0.3-->C:\Programme\SopCast\uninst.exe Sound Blaster X-Fi-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x7 /remove SoundFont-Bank-Manager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x7 /remove Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe" TagRunner 2.0.1.2-->"C:\Programme\RapidSolution\TagRunner\unins000.exe" Theme Hospital-->C:\WINDOWS\unin0407.exe -f"d:\Theme Hospital\DeIsL1.isu" Tom Clancy's EndWar-->"C:\Programme\InstallShield Installation Information\{7C3D8108-8D99-427F-A1C2-D8E0D25A469C}\setup.exe" -runfromtemp -l0x0007 -removeonly Tom Clancy's Rainbow Six Vegas 2-->"C:\Programme\InstallShield Installation Information\{FD416706-875C-4B0B-A23A-9E740DAE029E}\setup.exe" -runfromtemp -l0x0007 -removeonly TomTom HOME 2.5.2.60-->C:\Programme\TomTom HOME 2\Uninstall TomTom HOME.exe TuneUp Utilities 2008-->MsiExec.exe 
/I{5888428E-699C-4E71-BF71-94EE06B497DA} UEFA EURO 2008™-->MsiExec.exe /X{DE3FCA5F-7B8A-482B-89A9-CC9BD5F656A1} Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756} Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C} Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update Service-->C:\Programme\Sony Ericsson\Update Service\uninst.exe VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971} Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6} Winamp-->"C:\Programme\Winamp\UninstWA.exe" Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52} Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 
=====HijackThis Backups=====

O20 - Winlogon Notify: ssqnKaBt - ssqnKaBt.dll (file missing) [2009-03-19]
O21 - SSODL: DscMon - {23CFE69B-19C3-F0FE-7C86-053BF104A150} - (no file) [2009-03-19]
O23 - Service: Nachrichtendienst Messengermnmsrvc (Messengermnmsrvc) - Unknown owner - C:\WINDOWS\system32\actxprxyu.exe (file missing) [2009-03-19]
O23 - Service: Shellhardwareerkennung ShellHWDetectionWmdmPmSN (ShellHWDetectionWmdmPmSN) - Unknown owner - C:\WINDOWS\system32\advapi32w.exe (file missing) [2009-03-19]
O23 - Service: Nachrichtendienst Messengermnmsrvc (Messengermnmsrvc) - Unknown owner - C:\WINDOWS\system32\actxprxyu.exe (file missing) [2009-03-20]
O23 - Service: Nachrichtendienst Messengermnmsrvc (Messengermnmsrvc) - Unknown owner - C:\WINDOWS\system32\actxprxyu.exe (file missing) [2009-03-20]
O23 - Service: Shellhardwareerkennung ShellHWDetectionWmdmPmSN (ShellHWDetectionWmdmPmSN) - Unknown owner - C:\WINDOWS\system32\advapi32w.exe (file missing) [2009-03-20]
O23 - Service: Shellhardwareerkennung ShellHWDetectionWmdmPmSN (ShellHWDetectionWmdmPmSN) - Unknown owner - C:\WINDOWS\system32\advapi32w.exe (file missing) [2009-03-20]

======Security center information======

AV: Bitdefender Antivirus
FW: Bitdefender Firewall

======System event log======

Computer Name: DESKTOP
Event Code: 10020
Message: Die computerweite Start und Aktivierung-Sicherheitsbeschreibung (Standard) ist ungültig. Sie enthält Zugriffssteuerungseinträge mit ungültigen Berechtigungen. Die angeforderte Aktion wurde daher nicht ausgeführt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste korrigiert werden.
Record Number: 27173
Source Name: DCOM
Time Written: 20090317195418.000000+060
Event Type: error
User:

Computer Name: DESKTOP
Event Code: 10020
Message: Die computerweite Start und Aktivierung-Sicherheitsbeschreibung (Standard) ist ungültig. Sie enthält Zugriffssteuerungseinträge mit ungültigen Berechtigungen. Die angeforderte Aktion wurde daher nicht ausgeführt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste korrigiert werden.
Record Number: 27169
Source Name: DCOM
Time Written: 20090317175658.000000+060
Event Type: error
User:

Computer Name: DESKTOP
Event Code: 7000
Message: Der Dienst "BitDefender Virus Shield" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
Record Number: 27168
Source Name: Service Control Manager
Time Written: 20090317175619.000000+060
Event Type: error
User:

Computer Name: DESKTOP
Event Code: 7009
Message: Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst BitDefender Virus Shield.
Record Number: 27167
Source Name: Service Control Manager
Time Written: 20090317175619.000000+060
Event Type: error
User:

Computer Name: DESKTOP
Event Code: 10020
Message: Die computerweite Start und Aktivierung-Sicherheitsbeschreibung (Standard) ist ungültig. Sie enthält Zugriffssteuerungseinträge mit ungültigen Berechtigungen. Die angeforderte Aktion wurde daher nicht ausgeführt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste korrigiert werden.
Record Number: 27166
Source Name: DCOM
Time Written: 20090317175618.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: DESKTOP
Event Code: 2
Message: Title GTAIV.exe (1, 0, 0, 0) XLive 2.0.0673.0 (PANORAMA_V2.00_RTM.081028-1714) C:\WINDOWS\system32\xlive.dll 0x80151909 Live Logon Failed 00:1E:25:9D:AF:8F 192.168.1.7 0x0 LogonHR == 0x80150002 Games for Windows - LIVE DLL
Record Number: 5746
Source Name: XLive
Time Written: 20081205144603.000000+060
Event Type: warning
User:

Computer Name: DESKTOP
Event Code: 2
Message: Title GTAIV.exe (1, 0, 0, 0) XLive 2.0.0673.0 (PANORAMA_V2.00_RTM.081028-1714) C:\WINDOWS\system32\xlive.dll 0x80151909 XLive Logon Failed 00:1E:25:9D:AF:8F 192.168.1.7 0x0 LogonHR == 0x80151909 Games for Windows - LIVE DLL
Record Number: 5745
Source Name: XLive
Time Written: 20081205143010.000000+060
Event Type: warning
User:

Computer Name: DESKTOP
Event Code: 2
Message: Title GTAIV.exe (1, 0, 0, 0) XLive 2.0.0673.0 (PANORAMA_V2.00_RTM.081028-1714) C:\WINDOWS\system32\xlive.dll 0x80151909 Live Logon Failed 00:1E:25:9D:AF:8F 192.168.1.7 0x0 LogonHR == 0x80150002 Games for Windows - LIVE DLL
Record Number: 5744
Source Name: XLive
Time Written: 20081205143010.000000+060
Event Type: warning
User:

Computer Name: DESKTOP
Event Code: 2
Message: Title GTAIV.exe (1, 0, 0, 0) XLive 2.0.0673.0 (PANORAMA_V2.00_RTM.081028-1714) C:\WINDOWS\system32\xlive.dll 0x8015190b XLive Logon Failed 00:1E:25:9D:AF:8F 192.168.1.7 0x0 LogonHR == 0x8015190b Games for Windows - LIVE DLL
Record Number: 5743
Source Name: XLive
Time Written: 20081205142753.000000+060
Event Type: warning
User:

Computer Name: DESKTOP
Event Code: 2
Message: Title GTAIV.exe (1, 0, 0, 0) XLive 2.0.0673.0 (PANORAMA_V2.00_RTM.081028-1714) C:\WINDOWS\system32\xlive.dll 0x8015190b Live Logon Failed 00:1E:25:9D:AF:8F 192.168.1.7 0x0 LogonHR == 0x80150002 Games for Windows - LIVE DLL
Record Number: 5742
Source Name: XLive
Time Written: 20081205142753.000000+060
Event Type: warning
User:

======Environment variables======

"CLASSPATH"=.;C:\Programme\Java\jre1.6.0_03\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=4
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Programme\ATI Technologies\ATI.ACE\Core-Static;C:\Programme\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 7, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=1707
"QTJAVA"=C:\Programme\Java\jre1.6.0_03\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"RGSCLauncher"=C:\Programme\Rockstar Games\Rockstar Games Social Club
"RGSC"=C:\Programme\Rockstar Games\Rockstar Games Social Club\1_0_0_0

-----------------EOF-----------------
Hi, that all looks clean so far. :)

The programs shouldn't actually get in each other's way; if you want to be completely sure, disable Spybot's TeaTimer and only scan with the program when needed.

The service is already disabled. It should now only be listed under MSConfig->Services, but without a check mark. (and that's how it should stay ;) )

Well, safe use of the Internet. :p That's quite a topic. Many people here swear by Brain.exe ;) Those who think generally don't catch anything. :D Brain.exe is a paraphrase for the fact that one should approach the computer and the Internet with some common sense. In particular:

The underlying idea is that the problem is usually not the antivirus protection, but the fact that it gets ignored because someone wants to get video A or program B running right now.

Regards, myrtille
Copyright ©2000-2025, Trojaner-Board